Sign-up

ID

VAR-201807-0049


CVE

CVE-2016-6551


TITLE

Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentials

Trust: 0.8

sources: CERT/CC: VU#200907

DESCRIPTION

Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device. Intellian Satellite TV t-Series and Satellite Communications v-Series The common authentication information is set in. Certificate and password management (CWE-255) - CVE-2016-6551 Intellian Satellite TV t-Series and Satellite Communications v-Series By default, the authentication information "ftp/ftp" Or "intellian:12345678" Is set.A remote attacker may gain access to the device with administrator privileges. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. t-Series and v-Series are T-Series and V-Series antennas among them

Trust: 2.79

sources: NVD: CVE-2016-6551 // CERT/CC: VU#200907 // JVNDB: JVNDB-2016-005557 // BID: 93808 // VULHUB: VHN-95371 // VULMON: CVE-2016-6551

AFFECTED PRODUCTS

vendor:intelliantechmodel:t130qscope:eqversion:1.07

Trust: 1.6

vendor:intelliantechmodel:v80gscope:eqversion:1.07

Trust: 1.6

vendor:intelliantechmodel:t130wscope:eqversion:1.07

Trust: 1.6

vendor:intelliantechmodel:t80wscope:eqversion:1.07

Trust: 1.6

vendor:intelliantechmodel:t110wscope:eqversion:1.07

Trust: 1.6

vendor:intelliantechmodel:t80qscope:eqversion:1.07

Trust: 1.6

vendor:intelliantechmodel:t100wscope:eqversion:1.07

Trust: 1.6

vendor:intelliantechmodel:t240ckscope:eqversion:1.07

Trust: 1.6

vendor:intelliantechmodel:t100qscope:eqversion:1.07

Trust: 1.6

vendor:intelliantechmodel:t110qscope:eqversion:1.07

Trust: 1.6

vendor:intelliantechmodel:v60scope:eqversion:1.07

Trust: 1.0

vendor:intelliantechmodel:v60kascope:eqversion:1.07

Trust: 1.0

vendor:intelliantechmodel:v65scope:eqversion:1.07

Trust: 1.0

vendor:intellianmodel:satellite communications v-seriesscope: - version: -

Trust: 0.8

vendor:intellianmodel:satellite tv t-seriesscope: - version: -

Trust: 0.8

vendor:intellianmodel:satellite tv v-seriesscope:eqversion:1.07

Trust: 0.3

vendor:intellianmodel:satellite tv t-seriesscope:eqversion:1.07

Trust: 0.3

sources: BID: 93808 // JVNDB: JVNDB-2016-005557 // CNNVD: CNNVD-201610-695 // NVD: CVE-2016-6551

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6551
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-6551
value: MEDIUM

Trust: 0.8

IPA: JVNDB-2016-005557
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201610-695
value: CRITICAL

Trust: 0.6

VULHUB: VHN-95371
value: HIGH

Trust: 0.1

VULMON: CVE-2016-6551
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6551
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2016-6551
severity: MEDIUM
baseScore: 4.4
vectorString: NONE
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2016-005557
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-95371
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6551
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-005557
baseSeverity: MEDIUM
baseScore: 5.6
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CERT/CC: VU#200907 // VULHUB: VHN-95371 // VULMON: CVE-2016-6551 // JVNDB: JVNDB-2016-005557 // CNNVD: CNNVD-201610-695 // NVD: CVE-2016-6551

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-95371 // JVNDB: JVNDB-2016-005557 // NVD: CVE-2016-6551

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-695

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201610-695

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-005557

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#200907

PATCH
title:Satellite TV t-Seriesurl:http://www.intelliantech.com/Sattv/t-Series
Trust: 0.8
title:Satellite Communications v-Seriesurl:http://www.intelliantech.com/Satcom/v-series
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-005557

EXTERNAL IDS
db:CERT/CCid:VU#200907
Trust: 3.7
db:NVDid:CVE-2016-6551
Trust: 2.9
db:BIDid:93808
Trust: 2.1
db:JVNid:JVNVU91832696
Trust: 0.8
db:JVNDBid:JVNDB-2016-005557
Trust: 0.8
db:CNNVDid:CNNVD-201610-695
Trust: 0.7
db:VULHUBid:VHN-95371
Trust: 0.1
db:VULMONid:CVE-2016-6551
Trust: 0.1
sources:
            
            
            CERT/CC: VU#200907 // 
            
            
            
            VULHUB: VHN-95371 // 
            
            
            
            VULMON: CVE-2016-6551 // 
            
            
            
            BID: 93808 // 
            
            
            
            JVNDB: JVNDB-2016-005557 // 
            
            
            
            CNNVD: CNNVD-201610-695 // 
            
            
            
            NVD: CVE-2016-6551

REFERENCES
url:https://www.kb.cert.org/vuls/id/200907
Trust: 3.0
url:http://www.securityfocus.com/bid/93808
Trust: 1.9
url:https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
Trust: 1.6
url:http://cwe.mitre.org/data/definitions/255.html
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6551
Trust: 0.8
url:http://jvn.jp/vu/jvnvu91832696/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-6551
Trust: 0.8
url:http://www.intelliantech.com/sattv
Trust: 0.3
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CERT/CC: VU#200907 // 
            
            
            
            VULHUB: VHN-95371 // 
            
            
            
            VULMON: CVE-2016-6551 // 
            
            
            
            BID: 93808 // 
            
            
            
            JVNDB: JVNDB-2016-005557 // 
            
            
            
            CNNVD: CNNVD-201610-695 // 
            
            
            
            NVD: CVE-2016-6551

CREDITS
Ory Segal and Ezra Caltum
Trust: 0.9
sources:
            
            
            BID: 93808 // 
            
            
            
            CNNVD: CNNVD-201610-695

SOURCES
db:CERT/CCid:VU#200907
db:VULHUBid:VHN-95371
db:VULMONid:CVE-2016-6551
db:BIDid:93808
db:JVNDBid:JVNDB-2016-005557
db:CNNVDid:CNNVD-201610-695
db:NVDid:CVE-2016-6551

LAST UPDATE DATE
2024-11-23T22:52:03.164000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#200907date:2016-10-20T00:00:00
db:VULHUBid:VHN-95371date:2019-10-09T00:00:00
db:VULMONid:CVE-2016-6551date:2019-10-09T00:00:00
db:BIDid:93808date:2016-10-26T01:16:00
db:JVNDBid:JVNDB-2016-005557date:2016-10-24T00:00:00
db:CNNVDid:CNNVD-201610-695date:2019-10-17T00:00:00
db:NVDid:CVE-2016-6551date:2024-11-21T02:56:20.333

SOURCES RELEASE DATE
db:CERT/CCid:VU#200907date:2016-10-20T00:00:00
db:VULHUBid:VHN-95371date:2018-07-13T00:00:00
db:VULMONid:CVE-2016-6551date:2018-07-13T00:00:00
db:BIDid:93808date:2016-10-20T00:00:00
db:JVNDBid:JVNDB-2016-005557date:2016-10-24T00:00:00
db:CNNVDid:CNNVD-201610-695date:2016-10-25T00:00:00
db:NVDid:CVE-2016-6551date:2018-07-13T20:29:00.613