Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Aviator_200 | Cobham | - (including) | - (including) |
| Aviator_300 | Cobham | - (including) | - (including) |
| Aviator_350 | Cobham | - (including) | - (including) |
| Aviator_700d | Cobham | - (including) | - (including) |
| Explorer_bgan | Cobham | - (including) | - (including) |
| Sailor_900_vsat | Cobham | - (including) | - (including) |
| Sailor_fleetbroadband_150 | Cobham | - (including) | - (including) |
| Sailor_fleetbroadband_250 | Cobham | - (including) | - (including) |
| Sailor_fleetbroadband_500 | Cobham | - (including) | - (including) |