cvelistv5 - cve-2016-9494

CVE-2016-9494 (GCVE-0-2016-9494)

Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 02:50

Summary

Severity ?

No CVSS data available.

CWE

CWE-20

Assigner

certcc

References

URL

Tags

	https://www.securityfocus.com/bid/96244	vdb-entryx_refsource_BID
	https://www.kb.cert.org/vuls/id/614751	third-party-advisoryx_refsource_CERT-VN

Impacted products

Vendor

Product

Version

Hughes Satellite Modem

HN7740S

Unknown: N/A

	Hughes Satellite Modem	DW7000	Unknown: N/A
	Hughes Satellite Modem	HN7000S/SM	Unknown: N/A

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96244",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/96244"
          },
          {
            "name": "VU#614751",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/614751"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HN7740S",
          "vendor": "Hughes Satellite Modem",
          "versions": [
            {
              "status": "unknown",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "DW7000",
          "vendor": "Hughes Satellite Modem",
          "versions": [
            {
              "status": "unknown",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "HN7000S/SM",
          "vendor": "Hughes Satellite Modem",
          "versions": [
            {
              "status": "unknown",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2017-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-13T19:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "96244",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "https://www.securityfocus.com/bid/96244"
        },
        {
          "name": "VU#614751",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/614751"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation, potentially leading to denial of service",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-9494",
          "STATE": "PUBLIC",
          "TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation, potentially leading to denial of service"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HN7740S",
                      "version": {
                        "version_data": [
                          {
                            "affected": "?",
                            "version_affected": "?",
                            "version_value": "N/A"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "DW7000",
                      "version": {
                        "version_data": [
                          {
                            "affected": "?",
                            "version_affected": "?",
                            "version_value": "N/A"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "HN7000S/SM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "?",
                            "version_affected": "?",
                            "version_value": "N/A"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hughes Satellite Modem"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96244",
              "refsource": "BID",
              "url": "https://www.securityfocus.com/bid/96244"
            },
            {
              "name": "VU#614751",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/614751"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-9494",
    "datePublished": "2018-07-13T20:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hughes:hn7740s_firmware:6.9.0.34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9029731-A889-43E7-BBC0-38E982690D57\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hughes:hn7740s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF1B8214-EE17-49B6-8084-D9195F989961\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hughes:dw7000_firmware:6.9.0.34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A98920BD-1929-419A-961A-CA0F09187693\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hughes:dw7000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A154763-BFF7-4541-9036-34B85BA18479\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27F4528C-7D87-4B5A-A330-A09F555AE36D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91470E55-2227-489A-BEB5-86C151F32344\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hughes:hn7000sm_firmware:6.9.0.34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA234B78-E832-4493-BFCD-AECEAC3CCA02\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hughes:hn7000sm:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AAB1D14-3EA2-46C7-9010-87750F19DF24\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service.\"}, {\"lang\": \"es\", \"value\": \"Los m\\u00f3dems por sat\\u00e9lite de alto rendimiento de banda ancha de Hughes, en sus modelos HN7740S DW7000 HN7000S/SM, son potencialmente vulnerables a una validaci\\u00f3n de entradas incorrecta. La p\\u00e1gina web de estado avanzada del dispositivo que est\\u00e1 enlazada desde la p\\u00e1gina web de estado b\\u00e1sica no parece analizar correctamente las peticiones GET mal formadas. Esto podr\\u00eda conducir a una denegaci\\u00f3n de servicio.\"}]",
      "id": "CVE-2016-9494",
      "lastModified": "2024-11-21T03:01:19.513",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 3.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.5, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-07-13T20:29:01.737",
      "references": "[{\"url\": \"https://www.kb.cert.org/vuls/id/614751\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.securityfocus.com/bid/96244\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/614751\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.securityfocus.com/bid/96244\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cret@cert.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-9494\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-07-13T20:29:01.737\",\"lastModified\":\"2024-11-21T03:01:19.513\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service.\"},{\"lang\":\"es\",\"value\":\"Los m\u00f3dems por sat\u00e9lite de alto rendimiento de banda ancha de Hughes, en sus modelos HN7740S DW7000 HN7000S/SM, son potencialmente vulnerables a una validaci\u00f3n de entradas incorrecta. La p\u00e1gina web de estado avanzada del dispositivo que est\u00e1 enlazada desde la p\u00e1gina web de estado b\u00e1sica no parece analizar correctamente las peticiones GET mal formadas. Esto podr\u00eda conducir a una denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":3.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hughes:hn7740s_firmware:6.9.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9029731-A889-43E7-BBC0-38E982690D57\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hughes:hn7740s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1B8214-EE17-49B6-8084-D9195F989961\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hughes:dw7000_firmware:6.9.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A98920BD-1929-419A-961A-CA0F09187693\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hughes:dw7000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A154763-BFF7-4541-9036-34B85BA18479\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27F4528C-7D87-4B5A-A330-A09F555AE36D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91470E55-2227-489A-BEB5-86C151F32344\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hughes:hn7000sm_firmware:6.9.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA234B78-E832-4493-BFCD-AECEAC3CCA02\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hughes:hn7000sm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AAB1D14-3EA2-46C7-9010-87750F19DF24\"}]}]}],\"references\":[{\"url\":\"https://www.kb.cert.org/vuls/id/614751\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.securityfocus.com/bid/96244\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/614751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.securityfocus.com/bid/96244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

GSD-2016-9494

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-9494

Aliases

CVE-2016-9494

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9494",
    "description": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service.",
    "id": "GSD-2016-9494"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9494"
      ],
      "details": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service.",
      "id": "GSD-2016-9494",
      "modified": "2023-12-13T01:21:21.250455Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2016-9494",
        "STATE": "PUBLIC",
        "TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation, potentially leading to denial of service"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HN7740S",
                    "version": {
                      "version_data": [
                        {
                          "affected": "?",
                          "version_value": "N/A"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "DW7000",
                    "version": {
                      "version_data": [
                        {
                          "affected": "?",
                          "version_value": "N/A"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "HN7000S/SM",
                    "version": {
                      "version_data": [
                        {
                          "affected": "?",
                          "version_value": "N/A"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Hughes Satellite Modem"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "96244",
            "refsource": "BID",
            "url": "https://www.securityfocus.com/bid/96244"
          },
          {
            "name": "VU#614751",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/614751"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hughes:hn7740s_firmware:6.9.0.34:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hughes:hn7740s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hughes:dw7000_firmware:6.9.0.34:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hughes:dw7000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.34:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hughes:hn7000sm_firmware:6.9.0.34:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hughes:hn7000sm:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-9494"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96244",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.securityfocus.com/bid/96244"
            },
            {
              "name": "VU#614751",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/614751"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:20Z",
      "publishedDate": "2018-07-13T20:29Z"
    }
  }
}

VAR-201807-0126

Vulnerability from variot - Updated: 2023-12-18 12:50

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple Hughes Satellite Modems are prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. A hard-coded credentials vulnerability 3. An authentication bypass vulnerability An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible. The following products are vulnerable: HN7740S DW7000 HN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. An attacker could exploit this vulnerability by sending a specially crafted GET request to cause a denial of service. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0126",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hn7000sm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hughes",
        "version": "6.9.0.34"
      },
      {
        "model": "dw7000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hughes",
        "version": "6.9.0.34"
      },
      {
        "model": "hn7000s",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hughes",
        "version": "6.9.0.34"
      },
      {
        "model": "hn7740s",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hughes",
        "version": "6.9.0.34"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hughes network",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "kontron s t",
        "version": null
      },
      {
        "model": "dw7000",
        "scope": null,
        "trust": 0.8,
        "vendor": "hughes network",
        "version": null
      },
      {
        "model": "hn7000s/sm",
        "scope": null,
        "trust": 0.8,
        "vendor": "hughes network",
        "version": null
      },
      {
        "model": "hn7740s",
        "scope": null,
        "trust": 0.8,
        "vendor": "hughes network",
        "version": null
      },
      {
        "model": "hn7740s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hughes",
        "version": "0"
      },
      {
        "model": "hn7000s/sm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hughes",
        "version": "0"
      },
      {
        "model": "dw7000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hughes",
        "version": "0"
      },
      {
        "model": "hn7740s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hughes",
        "version": "6.9.0.34"
      },
      {
        "model": "hn7000s/sm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hughes",
        "version": "6.9.0.34"
      },
      {
        "model": "dw7000",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hughes",
        "version": "6.9.0.34"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#614751"
      },
      {
        "db": "BID",
        "id": "96244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008414"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-605"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hughes:hn7740s_firmware:6.9.0.34:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hughes:hn7740s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hughes:dw7000_firmware:6.9.0.34:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hughes:dw7000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.34:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hughes:hn7000sm_firmware:6.9.0.34:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hughes:hn7000sm:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9494"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "anonymous",
    "sources": [
      {
        "db": "BID",
        "id": "96244"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-9494",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-98314",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-9494",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-605",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-98314",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-98314"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-605"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple Hughes Satellite Modems are prone to the following security vulnerabilities:\n1. Multiple  denial-of-service vulnerabilities\n2. A hard-coded credentials vulnerability\n3. An authentication bypass vulnerability\nAn attacker can exploit these issues to  gain  access to bypass certain security restrictions and obtain potentially   sensitive information, perform unauthorized actions, or cause  denial-of-service condition on the affected device. Other attacks are  also possible. \nThe following products are vulnerable:\nHN7740S\nDW7000\nHN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. An attacker could exploit this vulnerability by sending a specially crafted GET request to cause a denial of service. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9494"
      },
      {
        "db": "CERT/CC",
        "id": "VU#614751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008414"
      },
      {
        "db": "BID",
        "id": "96244"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98314"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#614751",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9494",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "96244",
        "trust": 2.0
      },
      {
        "db": "JVN",
        "id": "JVNVU93522863",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008414",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-605",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-98314",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#614751"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98314"
      },
      {
        "db": "BID",
        "id": "96244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008414"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-605"
      }
    ]
  },
  "id": "VAR-201807-0126",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-98314"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:50:39.297000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Broadband Satellite Modems, Routers, and Appliances",
        "trust": 0.8,
        "url": "https://www.hughes.com/technologies/broadband-satellite-systems/hn-systems"
      },
      {
        "title": "Multiple Hughes satellite modems Fixes for product input validation vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68210"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008414"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-605"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-798",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-306",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-288",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-98314"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008414"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9494"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.kb.cert.org/vuls/id/614751"
      },
      {
        "trust": 1.7,
        "url": "https://www.securityfocus.com/bid/96244"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9495"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9496"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9497"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9494"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93522863/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9497"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9494"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9495"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9496"
      },
      {
        "trust": 0.3,
        "url": "http://www.hughes.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/614751 "
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#614751"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98314"
      },
      {
        "db": "BID",
        "id": "96244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008414"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-605"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#614751"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98314"
      },
      {
        "db": "BID",
        "id": "96244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008414"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-605"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#614751"
      },
      {
        "date": "2018-07-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-98314"
      },
      {
        "date": "2017-02-15T00:00:00",
        "db": "BID",
        "id": "96244"
      },
      {
        "date": "2017-05-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008414"
      },
      {
        "date": "2018-07-13T20:29:01.737000",
        "db": "NVD",
        "id": "CVE-2016-9494"
      },
      {
        "date": "2017-02-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-605"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-02-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#614751"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-98314"
      },
      {
        "date": "2017-03-07T04:02:00",
        "db": "BID",
        "id": "96244"
      },
      {
        "date": "2017-05-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008414"
      },
      {
        "date": "2019-10-09T23:20:32.320000",
        "db": "NVD",
        "id": "CVE-2016-9494"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-605"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-605"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hughes satellite modems contain multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#614751"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-605"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2016-9494

Vulnerability from fkie_nvd - Published: 2018-07-13 20:29 - Updated: 2024-11-21 03:01

Severity ?

6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cret@cert.org	https://www.kb.cert.org/vuls/id/614751	Third Party Advisory, US Government Resource
cret@cert.org	https://www.securityfocus.com/bid/96244	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/614751	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.securityfocus.com/bid/96244	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
hughes	hn7740s_firmware	6.9.0.34
hughes	hn7740s	-
hughes	dw7000_firmware	6.9.0.34
hughes	dw7000	-
hughes	hn7000s_firmware	6.9.0.34
hughes	hn7000s	-
hughes	hn7000sm_firmware	6.9.0.34
hughes	hn7000sm	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hughes:hn7740s_firmware:6.9.0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9029731-A889-43E7-BBC0-38E982690D57",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hughes:hn7740s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1B8214-EE17-49B6-8084-D9195F989961",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hughes:dw7000_firmware:6.9.0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98920BD-1929-419A-961A-CA0F09187693",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hughes:dw7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A154763-BFF7-4541-9036-34B85BA18479",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "27F4528C-7D87-4B5A-A330-A09F555AE36D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91470E55-2227-489A-BEB5-86C151F32344",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hughes:hn7000sm_firmware:6.9.0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA234B78-E832-4493-BFCD-AECEAC3CCA02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hughes:hn7000sm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AAB1D14-3EA2-46C7-9010-87750F19DF24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service."
    },
    {
      "lang": "es",
      "value": "Los m\u00f3dems por sat\u00e9lite de alto rendimiento de banda ancha de Hughes, en sus modelos HN7740S DW7000 HN7000S/SM, son potencialmente vulnerables a una validaci\u00f3n de entradas incorrecta. La p\u00e1gina web de estado avanzada del dispositivo que est\u00e1 enlazada desde la p\u00e1gina web de estado b\u00e1sica no parece analizar correctamente las peticiones GET mal formadas. Esto podr\u00eda conducir a una denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2016-9494",
  "lastModified": "2024-11-21T03:01:19.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-13T20:29:01.737",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/614751"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/96244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/614751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/96244"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2QHR-9G3C-C9F6

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-9494"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-13T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service.",
  "id": "GHSA-2qhr-9g3c-c9f6",
  "modified": "2022-05-13T01:38:30Z",
  "published": "2022-05-13T01:38:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9494"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/614751"
    },
    {
      "type": "WEB",
      "url": "https://www.securityfocus.com/bid/96244"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-9494 (GCVE-0-2016-9494)

GSD-2016-9494

VAR-201807-0126

FKIE_CVE-2016-9494

GHSA-2QHR-9G3C-C9F6

Tags

Sightings

Nomenclature