Friday, August 8, 2014

Iridium Pilot and OpenPort terminals have multiple vulnerabilities

Vulnerability Note VU#578598 - Iridium Pilot and OpenPort contain multiple vulnerabilities

Broadband satellite terminals using Iridium Pilot and OpenPort have been
found to contain undocumented hardcoded login credentials (CWE-798).
Additionally, these broadband satellite terminals utilize an insecure
proprietary communications protocol that allows unauthenticated users to
perform privileged operations on the devices (CWE-306)



A remote unauthenticated attacker may be able to gain privileged access
to the device. Additionally, a remote unauthenticated attacker may be
able to execute arbitrary code on the device.

No comments: