CVE-2016-9497
moderate-risk
Published 2018-07-13
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem.
Do I need to act?
~
4.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
ADJACENT_NETWORK
/ LOW complexity
Affected Products (4)
Hn7740S Firmware
Dw7000 Firmware
Hn7000S Firmware
Hn7000Sm Firmware
Affected Vendors
References (4)
Third Party Advisory
https://www.kb.cert.org/vuls/id/614751
Third Party Advisory
https://www.securityfocus.com/bid/96244
Third Party Advisory
https://www.kb.cert.org/vuls/id/614751
Third Party Advisory
https://www.securityfocus.com/bid/96244
45
/ 100
moderate-risk
Severity
27/34 · High
Exploitability
8/34 · Low
Exposure
10/34 · Low