CVE-2019-9531

9.8 CRITICAL

📋 TL;DR

CVE-2019-9531 allows unauthenticated remote attackers to connect via Telnet to port 5454 on Cobham EXPLORER 710 satellite terminals and execute AT commands, potentially gaining shell-like access. This affects organizations using these devices for remote connectivity, particularly in maritime, aviation, and mobile operations.

💻 Affected Systems

Products:
  • Cobham EXPLORER 710
Versions: Firmware version 1.07
Operating Systems: Embedded system
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with the web application portal enabled and accessible.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to intercept communications, modify device configuration, install persistent backdoors, or use the device as a pivot point into connected networks.

🟠

Likely Case

Unauthorized access to device configuration, potential data interception, and disruption of satellite communications services.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict network segmentation and access controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple telnet connection to port 5454 with no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 1.08 or later

Vendor Advisory: https://www.cobham.com/satcom/explorer-710/

Restart Required: Yes

Instructions:

1. Download latest firmware from Cobham support portal.
2. Upload firmware via web interface.
3. Apply update.
4. Reboot device.

🔧 Temporary Workarounds

Block port 5454

linux

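Use firewall rules to block external access to port 5454. The rule below uses the INPUT chain, which filters traffic addressed to the Linux host itself; on a Linux gateway that forwards traffic to the terminal, the matching rule belongs in the FORWARD chain.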

iptables -A INPUT -p tcp --dport 5454 -j DROP

Disable web portal

all

Disable the web application portal if not required

🧯 If You Can't Patch

  • Place devices behind firewalls with strict inbound rules blocking port 5454
  • Implement network segmentation to isolate EXPLORER 710 devices from critical networks

🔍 How to Verify

Check if Vulnerable:

Attempt telnet connection to device IP on port 5454. If connection succeeds without authentication, device is vulnerable.

Check Version:

Check firmware version in web interface under System > About

Verify Fix Applied:

After patching, attempt telnet connection to port 5454. Connection should be refused or require authentication.

📡 Detection & Monitoring

Log Indicators:

  • Telnet connections to port 5454
  • Unauthorized AT command execution

Network Indicators:

  • Outbound connections from port 5454
  • Unusual AT command traffic

SIEM Query:

source_port=5454 OR dest_port=5454
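
The query above also matches any unrelated flow that happens to use 5454 as an ephemeral source port. The following added example (not part of the original advisory) narrows it to TCP flows where a known terminal is the endpoint on port 5454 and the peer is outside a management allowlist. The terminal inventory, the allowlist, and the flow-record layout are assumptions, and the sample flows are constructed.

```python
import ipaddress

# Assumptions (not from the advisory): terminal inventory, management
# allowlist and the flow-record layout are constructed for illustration.
TERMINALS = {ipaddress.ip_address("192.0.2.10")}
MGMT_NETS = [ipaddress.ip_network("198.51.100.0/28")]
AT_PORT = 5454  # port named in the advisory

# Constructed sample flows: "src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
198.51.100.5 40112 192.0.2.10 5454 tcp
203.0.113.77 51514 192.0.2.10 5454 tcp
192.0.2.10 5454 203.0.113.77 51514 tcp
203.0.113.9 5454 192.0.2.50 443 tcp
203.0.113.77 51600 192.0.2.10 80 tcp
203.0.113.80 33000 192.0.2.10 5454 udp
malformed line
"""

def parse_flow(line):
    """Return (src, sport, dst, dport, proto) or None for unparsable lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), int(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]), parts[4].lower())
    except ValueError:
        return None

def is_mgmt(ip):
    """True if the peer address is inside the management allowlist."""
    return any(ip in net for net in MGMT_NETS)

def suspicious_flows(text):
    """Flag TCP flows where a known terminal is the endpoint on port 5454
    and the peer is outside the management allowlist."""
    hits = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow[4] != "tcp":
            continue
        src, sport, dst, dport, _ = flow
        if dst in TERMINALS and dport == AT_PORT and not is_mgmt(src):
            hits.append((str(src), str(dst), "inbound"))
        elif src in TERMINALS and sport == AT_PORT and not is_mgmt(dst):
            hits.append((str(dst), str(src), "reply"))
    return hits
```

Each hit is a `(peer, terminal, direction)` tuple; a "reply" hit means the terminal answered on port 5454, so the service was reachable from that peer.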
