Search criteria
4 vulnerabilities found for dw7000 by hughes
VAR-201807-0126
Vulnerability from variot - Updated: 2023-12-18 12:50Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple Hughes Satellite Modems are prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. A hard-coded credentials vulnerability 3. An authentication bypass vulnerability An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible. The following products are vulnerable: HN7740S DW7000 HN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. An attacker could exploit this vulnerability by sending a specially crafted GET request to cause a denial of service. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hn7000sm",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "dw7000",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "hn7000s",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "hn7740s",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kontron s t",
"version": null
},
{
"model": "dw7000",
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": "hn7000s/sm",
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": "hn7740s",
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": "hn7740s",
"scope": "eq",
"trust": 0.3,
"vendor": "hughes",
"version": "0"
},
{
"model": "hn7000s/sm",
"scope": "eq",
"trust": 0.3,
"vendor": "hughes",
"version": "0"
},
{
"model": "dw7000",
"scope": "eq",
"trust": 0.3,
"vendor": "hughes",
"version": "0"
},
{
"model": "hn7740s",
"scope": "ne",
"trust": 0.3,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "hn7000s/sm",
"scope": "ne",
"trust": 0.3,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "dw7000",
"scope": "ne",
"trust": 0.3,
"vendor": "hughes",
"version": "6.9.0.34"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9494"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-605"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:hn7740s_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:hn7740s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:dw7000_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:dw7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:hn7000sm_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:hn7000sm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9494"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "anonymous",
"sources": [
{
"db": "BID",
"id": "96244"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9494",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-98314",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9494",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-605",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-98314",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98314"
},
{
"db": "NVD",
"id": "CVE-2016-9494"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-605"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple Hughes Satellite Modems are prone to the following security vulnerabilities:\n1. Multiple denial-of-service vulnerabilities\n2. A hard-coded credentials vulnerability\n3. An authentication bypass vulnerability\nAn attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible. \nThe following products are vulnerable:\nHN7740S\nDW7000\nHN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. An attacker could exploit this vulnerability by sending a specially crafted GET request to cause a denial of service. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9494"
},
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "VULHUB",
"id": "VHN-98314"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#614751",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-9494",
"trust": 2.8
},
{
"db": "BID",
"id": "96244",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU93522863",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-605",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-98314",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "VULHUB",
"id": "VHN-98314"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9494"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-605"
}
]
},
"id": "VAR-201807-0126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-98314"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:50:39.297000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Broadband Satellite Modems, Routers, and Appliances",
"trust": 0.8,
"url": "https://www.hughes.com/technologies/broadband-satellite-systems/hn-systems"
},
{
"title": "Multiple Hughes satellite modems Fixes for product input validation vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68210"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-605"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-798",
"trust": 0.8
},
{
"problemtype": "CWE-306",
"trust": 0.8
},
{
"problemtype": "CWE-288",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98314"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9494"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.kb.cert.org/vuls/id/614751"
},
{
"trust": 1.7,
"url": "https://www.securityfocus.com/bid/96244"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9495"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9496"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9497"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9494"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93522863/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9497"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9494"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9495"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9496"
},
{
"trust": 0.3,
"url": "http://www.hughes.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/614751 "
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "VULHUB",
"id": "VHN-98314"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9494"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-605"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "VULHUB",
"id": "VHN-98314"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9494"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-605"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-15T00:00:00",
"db": "CERT/CC",
"id": "VU#614751"
},
{
"date": "2018-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-98314"
},
{
"date": "2017-02-15T00:00:00",
"db": "BID",
"id": "96244"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"date": "2018-07-13T20:29:01.737000",
"db": "NVD",
"id": "CVE-2016-9494"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-605"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-27T00:00:00",
"db": "CERT/CC",
"id": "VU#614751"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-98314"
},
{
"date": "2017-03-07T04:02:00",
"db": "BID",
"id": "96244"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"date": "2019-10-09T23:20:32.320000",
"db": "NVD",
"id": "CVE-2016-9494"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-605"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-605"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hughes satellite modems contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-605"
}
],
"trust": 0.6
}
}
VAR-201807-0129
Vulnerability from variot - Updated: 2023-12-18 12:50Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple Hughes Satellite Modems are prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. A hard-coded credentials vulnerability 3. An authentication bypass vulnerability An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible. The following products are vulnerable: HN7740S DW7000 HN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0129",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hn7000sm",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "dw7000",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "hn7000s",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "hn7740s",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kontron s t",
"version": null
},
{
"model": "dw7000",
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": "hn7000s/sm",
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": "hn7740s",
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": "hn7740s",
"scope": "eq",
"trust": 0.3,
"vendor": "hughes",
"version": "0"
},
{
"model": "hn7000s/sm",
"scope": "eq",
"trust": 0.3,
"vendor": "hughes",
"version": "0"
},
{
"model": "dw7000",
"scope": "eq",
"trust": 0.3,
"vendor": "hughes",
"version": "0"
},
{
"model": "hn7740s",
"scope": "ne",
"trust": 0.3,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "hn7000s/sm",
"scope": "ne",
"trust": 0.3,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "dw7000",
"scope": "ne",
"trust": 0.3,
"vendor": "hughes",
"version": "6.9.0.34"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9497"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-608"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:hn7740s_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:hn7740s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:dw7000_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:dw7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:hn7000sm_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:hn7000sm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9497"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "anonymous",
"sources": [
{
"db": "BID",
"id": "96244"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9497",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-98317",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9497",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-608",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-98317",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98317"
},
{
"db": "NVD",
"id": "CVE-2016-9497"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-608"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple Hughes Satellite Modems are prone to the following security vulnerabilities:\n1. Multiple denial-of-service vulnerabilities\n2. A hard-coded credentials vulnerability\n3. An authentication bypass vulnerability\nAn attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible. \nThe following products are vulnerable:\nHN7740S\nDW7000\nHN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9497"
},
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "VULHUB",
"id": "VHN-98317"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#614751",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-9497",
"trust": 2.8
},
{
"db": "BID",
"id": "96244",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU93522863",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-608",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-98317",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "VULHUB",
"id": "VHN-98317"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9497"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-608"
}
]
},
"id": "VAR-201807-0129",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-98317"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:50:39.330000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Broadband Satellite Modems, Routers, and Appliances",
"trust": 0.8,
"url": "https://www.hughes.com/technologies/broadband-satellite-systems/hn-systems"
},
{
"title": "Multiple Hughes satellite modems Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68207"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-608"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-798",
"trust": 0.8
},
{
"problemtype": "CWE-306",
"trust": 0.8
},
{
"problemtype": "CWE-288",
"trust": 0.8
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98317"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9497"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.kb.cert.org/vuls/id/614751"
},
{
"trust": 1.7,
"url": "https://www.securityfocus.com/bid/96244"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9495"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9496"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9497"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9494"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93522863/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9497"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9494"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9495"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9496"
},
{
"trust": 0.3,
"url": "http://www.hughes.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/614751 "
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "VULHUB",
"id": "VHN-98317"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9497"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-608"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "VULHUB",
"id": "VHN-98317"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9497"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-608"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-15T00:00:00",
"db": "CERT/CC",
"id": "VU#614751"
},
{
"date": "2018-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-98317"
},
{
"date": "2017-02-15T00:00:00",
"db": "BID",
"id": "96244"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"date": "2018-07-13T20:29:01.910000",
"db": "NVD",
"id": "CVE-2016-9497"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-608"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-27T00:00:00",
"db": "CERT/CC",
"id": "VU#614751"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-98317"
},
{
"date": "2017-03-07T04:02:00",
"db": "BID",
"id": "96244"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"date": "2019-10-09T23:20:32.837000",
"db": "NVD",
"id": "CVE-2016-9497"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-608"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-608"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hughes satellite modems contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-608"
}
],
"trust": 0.6
}
}
VAR-201807-0127
Vulnerability from variot - Updated: 2023-12-18 12:50Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple denial-of-service vulnerabilities 2. A hard-coded credentials vulnerability 3. An authentication bypass vulnerability An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible. The following products are vulnerable: HN7740S DW7000 HN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hn7000sm",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "dw7000",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "hn7000s",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "hn7740s",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kontron s t",
"version": null
},
{
"model": "dw7000",
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": "hn7000s/sm",
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": "hn7740s",
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": "hn7740s",
"scope": "eq",
"trust": 0.3,
"vendor": "hughes",
"version": "0"
},
{
"model": "hn7000s/sm",
"scope": "eq",
"trust": 0.3,
"vendor": "hughes",
"version": "0"
},
{
"model": "dw7000",
"scope": "eq",
"trust": 0.3,
"vendor": "hughes",
"version": "0"
},
{
"model": "hn7740s",
"scope": "ne",
"trust": 0.3,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "hn7000s/sm",
"scope": "ne",
"trust": 0.3,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "dw7000",
"scope": "ne",
"trust": 0.3,
"vendor": "hughes",
"version": "6.9.0.34"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9495"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-606"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:hn7740s_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:hn7740s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:dw7000_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:dw7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:hn7000sm_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:hn7000sm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9495"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "anonymous",
"sources": [
{
"db": "BID",
"id": "96244"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9495",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-98315",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9495",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-606",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-98315",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98315"
},
{
"db": "NVD",
"id": "CVE-2016-9495"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-606"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device\u0027s default telnet port (23) can be obtained through using one of a few default credentials shared among all devices. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple denial-of-service vulnerabilities\n2. A hard-coded credentials vulnerability\n3. An authentication bypass vulnerability\nAn attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible. \nThe following products are vulnerable:\nHN7740S\nDW7000\nHN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9495"
},
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "VULHUB",
"id": "VHN-98315"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#614751",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-9495",
"trust": 2.8
},
{
"db": "BID",
"id": "96244",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU93522863",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-606",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-98315",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "VULHUB",
"id": "VHN-98315"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9495"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-606"
}
]
},
"id": "VAR-201807-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-98315"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:50:39.265000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Broadband Satellite Modems, Routers, and Appliances",
"trust": 0.8,
"url": "https://www.hughes.com/technologies/broadband-satellite-systems/hn-systems"
},
{
"title": "Multiple Hughes satellite modems Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68209"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-606"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
},
{
"problemtype": "CWE-306",
"trust": 0.8
},
{
"problemtype": "CWE-288",
"trust": 0.8
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98315"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9495"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.kb.cert.org/vuls/id/614751"
},
{
"trust": 1.7,
"url": "https://www.securityfocus.com/bid/96244"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9495"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9496"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9497"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9494"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93522863/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9497"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9494"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9495"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9496"
},
{
"trust": 0.3,
"url": "http://www.hughes.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/614751 "
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "VULHUB",
"id": "VHN-98315"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9495"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-606"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "VULHUB",
"id": "VHN-98315"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9495"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-606"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-15T00:00:00",
"db": "CERT/CC",
"id": "VU#614751"
},
{
"date": "2018-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-98315"
},
{
"date": "2017-02-15T00:00:00",
"db": "BID",
"id": "96244"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"date": "2018-07-13T20:29:01.783000",
"db": "NVD",
"id": "CVE-2016-9495"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-606"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-27T00:00:00",
"db": "CERT/CC",
"id": "VU#614751"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-98315"
},
{
"date": "2017-03-07T04:02:00",
"db": "BID",
"id": "96244"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"date": "2019-10-09T23:20:32.490000",
"db": "NVD",
"id": "CVE-2016-9495"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-606"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-606"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hughes satellite modems contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-606"
}
],
"trust": 0.6
}
}
VAR-201807-0128
Vulnerability from variot - Updated: 2023-12-18 12:50Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple denial-of-service vulnerabilities 2. A hard-coded credentials vulnerability 3. An authentication bypass vulnerability An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible. The following products are vulnerable: HN7740S DW7000 HN7000S/SM. HN7740S, DW7000 and HN7000S/SM are the modems used in it. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0128",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hn7000sm",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "dw7000",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "hn7000s",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "hn7740s",
"scope": "eq",
"trust": 1.6,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kontron s t",
"version": null
},
{
"model": "dw7000",
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": "hn7000s/sm",
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": "hn7740s",
"scope": null,
"trust": 0.8,
"vendor": "hughes network",
"version": null
},
{
"model": "hn7740s",
"scope": "eq",
"trust": 0.3,
"vendor": "hughes",
"version": "0"
},
{
"model": "hn7000s/sm",
"scope": "eq",
"trust": 0.3,
"vendor": "hughes",
"version": "0"
},
{
"model": "dw7000",
"scope": "eq",
"trust": 0.3,
"vendor": "hughes",
"version": "0"
},
{
"model": "hn7740s",
"scope": "ne",
"trust": 0.3,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "hn7000s/sm",
"scope": "ne",
"trust": 0.3,
"vendor": "hughes",
"version": "6.9.0.34"
},
{
"model": "dw7000",
"scope": "ne",
"trust": 0.3,
"vendor": "hughes",
"version": "6.9.0.34"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9496"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-607"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:hn7740s_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:hn7740s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:dw7000_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:dw7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hughes:hn7000sm_firmware:6.9.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hughes:hn7000sm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9496"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "anonymous",
"sources": [
{
"db": "BID",
"id": "96244"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9496",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-98316",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9496",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-607",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-98316",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98316"
},
{
"db": "NVD",
"id": "CVE-2016-9496"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-607"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple denial-of-service vulnerabilities\n2. A hard-coded credentials vulnerability\n3. An authentication bypass vulnerability\nAn attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible. \nThe following products are vulnerable:\nHN7740S\nDW7000\nHN7000S/SM. HN7740S, DW7000 and HN7000S/SM are the modems used in it. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9496"
},
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "VULHUB",
"id": "VHN-98316"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#614751",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-9496",
"trust": 2.8
},
{
"db": "BID",
"id": "96244",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU93522863",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-607",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-98316",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "VULHUB",
"id": "VHN-98316"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9496"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-607"
}
]
},
"id": "VAR-201807-0128",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-98316"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:50:39.232000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Broadband Satellite Modems, Routers, and Appliances",
"trust": 0.8,
"url": "https://www.hughes.com/technologies/broadband-satellite-systems/hn-systems"
},
{
"title": "Multiple Hughes satellite modems Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68208"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-607"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
},
{
"problemtype": "CWE-798",
"trust": 0.8
},
{
"problemtype": "CWE-288",
"trust": 0.8
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98316"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9496"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.kb.cert.org/vuls/id/614751"
},
{
"trust": 1.7,
"url": "https://www.securityfocus.com/bid/96244"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9495"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9496"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9497"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9494"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93522863/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9497"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9494"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9495"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9496"
},
{
"trust": 0.3,
"url": "http://www.hughes.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/614751 "
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "VULHUB",
"id": "VHN-98316"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9496"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-607"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#614751"
},
{
"db": "VULHUB",
"id": "VHN-98316"
},
{
"db": "BID",
"id": "96244"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"db": "NVD",
"id": "CVE-2016-9496"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-607"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-15T00:00:00",
"db": "CERT/CC",
"id": "VU#614751"
},
{
"date": "2018-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-98316"
},
{
"date": "2017-02-15T00:00:00",
"db": "BID",
"id": "96244"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"date": "2018-07-13T20:29:01.847000",
"db": "NVD",
"id": "CVE-2016-9496"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-607"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-27T00:00:00",
"db": "CERT/CC",
"id": "VU#614751"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-98316"
},
{
"date": "2017-03-07T04:02:00",
"db": "BID",
"id": "96244"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008414"
},
{
"date": "2019-10-09T23:20:32.663000",
"db": "NVD",
"id": "CVE-2016-9496"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-607"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-607"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hughes satellite modems contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#614751"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-607"
}
],
"trust": 0.6
}
}