Details of VAR-201807-0128

ID

VAR-201807-0128

CVE

CVE-2016-9496

TITLE

Hughes satellite modems contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#614751

DESCRIPTION

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple denial-of-service vulnerabilities 2. A hard-coded credentials vulnerability 3. An authentication bypass vulnerability An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible. The following products are vulnerable: HN7740S DW7000 HN7000S/SM. HN7740S, DW7000 and HN7000S/SM are the modems used in it. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34

Trust: 2.7

sources: NVD: CVE-2016-9496 // CERT/CC: VU#614751 // JVNDB: JVNDB-2016-008414 // BID: 96244 // VULHUB: VHN-98316

AFFECTED PRODUCTS

vendor:	hughes	model:	hn7000sm	scope:	eq	version:	6.9.0.34	Trust: 1.6
vendor:	hughes	model:	dw7000	scope:	eq	version:	6.9.0.34	Trust: 1.6
vendor:	hughes	model:	hn7000s	scope:	eq	version:	6.9.0.34	Trust: 1.6
vendor:	hughes	model:	hn7740s	scope:	eq	version:	6.9.0.34	Trust: 1.6
vendor:	hughes network	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	kontron s t	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	hughes network	model:	dw7000	scope:	-	version:	-	Trust: 0.8
vendor:	hughes network	model:	hn7000s/sm	scope:	-	version:	-	Trust: 0.8
vendor:	hughes network	model:	hn7740s	scope:	-	version:	-	Trust: 0.8
vendor:	hughes	model:	hn7740s	scope:	eq	version:	0	Trust: 0.3
vendor:	hughes	model:	hn7000s/sm	scope:	eq	version:	0	Trust: 0.3
vendor:	hughes	model:	dw7000	scope:	eq	version:	0	Trust: 0.3
vendor:	hughes	model:	hn7740s	scope:	ne	version:	6.9.0.34	Trust: 0.3
vendor:	hughes	model:	hn7000s/sm	scope:	ne	version:	6.9.0.34	Trust: 0.3
vendor:	hughes	model:	dw7000	scope:	ne	version:	6.9.0.34	Trust: 0.3

sources: CERT/CC: VU#614751 // BID: 96244 // JVNDB: JVNDB-2016-008414 // NVD: CVE-2016-9496 // CNNVD: CNNVD-201702-607

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-9496
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201702-607
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-98316
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
VULHUB:	VHN-98316
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT_NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-98316 // NVD: CVE-2016-9496 // CNNVD: CNNVD-201702-607

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.9
problemtype:	CWE-798	Trust: 0.8
problemtype:	CWE-288	Trust: 0.8
problemtype:	CWE-20	Trust: 0.8

sources: VULHUB: VHN-98316 // JVNDB: JVNDB-2016-008414 // NVD: CVE-2016-9496

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201702-607

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201702-607

CONFIGURATIONS

sources: NVD: CVE-2016-9496

PATCH

title:	Broadband Satellite Modems, Routers, and Appliances	url:	https://www.hughes.com/technologies/broadband-satellite-systems/hn-systems	Trust: 0.8
title:	Multiple Hughes satellite modems Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68208	Trust: 0.6

sources: JVNDB: JVNDB-2016-008414 // CNNVD: CNNVD-201702-607

EXTERNAL IDS

db:	CERT/CC	id:	VU#614751	Trust: 3.6
db:	NVD	id:	CVE-2016-9496	Trust: 2.8
db:	BID	id:	96244	Trust: 2.0
db:	JVN	id:	JVNVU93522863	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-008414	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-607	Trust: 0.7
db:	VULHUB	id:	VHN-98316	Trust: 0.1

sources: CERT/CC: VU#614751 // VULHUB: VHN-98316 // BID: 96244 // JVNDB: JVNDB-2016-008414 // NVD: CVE-2016-9496 // CNNVD: CNNVD-201702-607

REFERENCES

url:	https://www.kb.cert.org/vuls/id/614751	Trust: 2.5
url:	https://www.securityfocus.com/bid/96244	Trust: 1.7
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9495	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9496	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9497	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9494	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93522863/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9497	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9494	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9495	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9496	Trust: 0.8
url:	http://www.hughes.com	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/614751	Trust: 0.3

sources: CERT/CC: VU#614751 // VULHUB: VHN-98316 // BID: 96244 // JVNDB: JVNDB-2016-008414 // NVD: CVE-2016-9496 // CNNVD: CNNVD-201702-607

CREDITS

anonymous

Trust: 0.3

sources: BID: 96244

SOURCES

db:	CERT/CC	id:	VU#614751
db:	VULHUB	id:	VHN-98316
db:	BID	id:	96244
db:	JVNDB	id:	JVNDB-2016-008414
db:	NVD	id:	CVE-2016-9496
db:	CNNVD	id:	CNNVD-201702-607

LAST UPDATE DATE

2023-12-18T12:50:39.232000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#614751	date:	2018-02-27T00:00:00
db:	VULHUB	id:	VHN-98316	date:	2019-10-09T00:00:00
db:	BID	id:	96244	date:	2017-03-07T04:02:00
db:	JVNDB	id:	JVNDB-2016-008414	date:	2017-05-17T00:00:00
db:	NVD	id:	CVE-2016-9496	date:	2019-10-09T23:20:32.663
db:	CNNVD	id:	CNNVD-201702-607	date:	2019-10-17T00:00:00

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#614751	date:	2017-02-15T00:00:00
db:	VULHUB	id:	VHN-98316	date:	2018-07-13T00:00:00
db:	BID	id:	96244	date:	2017-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2016-008414	date:	2017-05-17T00:00:00
db:	NVD	id:	CVE-2016-9496	date:	2018-07-13T20:29:01.847
db:	CNNVD	id:	CNNVD-201702-607	date:	2017-02-20T00:00:00