CVE-2019-9531

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to a port that can run AT commands

EPSS 2.5%CWE-284

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

10 Oct 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device.

Affected products

Cobham plc · Explorer 710

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://kb.cert.org/vuls/id/719689/