CVE-2016-9494 (GCVE-0-2016-9494)
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-06 02:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service.
References
| ► | URL | Tags | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Hughes Satellite Modem | HN7740S | ||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96244",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/96244"
},
{
"name": "VU#614751",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/614751"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HN7740S",
"vendor": "Hughes Satellite Modem",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DW7000",
"vendor": "Hughes Satellite Modem",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "HN7000S/SM",
"vendor": "Hughes Satellite Modem",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
}
],
"datePublic": "2017-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-13T19:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "96244",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/96244"
},
{
"name": "VU#614751",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/614751"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation, potentially leading to denial of service",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9494",
"STATE": "PUBLIC",
"TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation, potentially leading to denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HN7740S",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DW7000",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "HN7000S/SM",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Hughes Satellite Modem"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96244",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/96244"
},
{
"name": "VU#614751",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/614751"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-9494",
"datePublished": "2018-07-13T20:00:00",
"dateReserved": "2016-11-21T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-9494\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-07-13T20:29:01.737\",\"lastModified\":\"2024-11-21T03:01:19.513\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device\u0027s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service.\"},{\"lang\":\"es\",\"value\":\"Los m\u00f3dems por sat\u00e9lite de alto rendimiento de banda ancha de Hughes, en sus modelos HN7740S DW7000 HN7000S/SM, son potencialmente vulnerables a una validaci\u00f3n de entradas incorrecta. La p\u00e1gina web de estado avanzada del dispositivo que est\u00e1 enlazada desde la p\u00e1gina web de estado b\u00e1sica no parece analizar correctamente las peticiones GET mal formadas. Esto podr\u00eda conducir a una denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":3.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hughes:hn7740s_firmware:6.9.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9029731-A889-43E7-BBC0-38E982690D57\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hughes:hn7740s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1B8214-EE17-49B6-8084-D9195F989961\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hughes:dw7000_firmware:6.9.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A98920BD-1929-419A-961A-CA0F09187693\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hughes:dw7000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A154763-BFF7-4541-9036-34B85BA18479\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27F4528C-7D87-4B5A-A330-A09F555AE36D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91470E55-2227-489A-BEB5-86C151F32344\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hughes:hn7000sm_firmware:6.9.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA234B78-E832-4493-BFCD-AECEAC3CCA02\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hughes:hn7000sm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AAB1D14-3EA2-46C7-9010-87750F19DF24\"}]}]}],\"references\":[{\"url\":\"https://www.kb.cert.org/vuls/id/614751\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.securityfocus.com/bid/96244\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/614751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.securityfocus.com/bid/96244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…