CVE-2016-9496

MEDIUM

Hughes HN7740S DW7000 HN7000S/SM Firmware - Unauthenticated Denial of Service via Reboot Endpoint

Title source: llm
STIX 2.1

Description

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
https://www.securityfocus.com/bid/96244
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/614751

Scores

CVSS v3 6.5
EPSS 0.0090
EPSS Percentile 55.1%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-306
Status published
Products (4)
hughes/dw7000_firmware 6.9.0.34
hughes/hn7000s_firmware 6.9.0.34
hughes/hn7000sm_firmware 6.9.0.34
hughes/hn7740s_firmware 6.9.0.34
Published Jul 13, 2018
Tracked Since Feb 18, 2026