CVE-2018-5266 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cobham	Sea Tel 121 Firmware	222701
Cobham	Sea Tel 121	-

Related Weaknesses (CWE)

CWE-200

References

http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.hExploitThird Party Advisory
http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.hExploitThird Party Advisory

FAQ

What is CVE-2018-5266?

CVE-2018-5266 is a vulnerability with a CVSS score of 7.5 (HIGH). Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: defaul...

How severe is CVE-2018-5266?

CVE-2018-5266 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-5266?

Check the references section above for vendor advisories and patch information. Affected products include: Cobham Sea Tel 121 Firmware, Cobham Sea Tel 121.