CVE-2018-5386

Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak.
Configurations

Configuration 1 (hide)

cpe:2.3:a:navarino:infinity:*:*:*:*:*:*:*:*

History

07 Nov 2023, 02:58

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3', 'name': 'https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3', 'tags': ['Exploit', 'Press/Media Coverage', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3 -

Information

Published : 2018-07-24 15:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-5386

Mitre link : CVE-2018-5386

CVE.ORG link : CVE-2018-5386


JSON object : View

Products Affected

navarino

  • infinity
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-288

Authentication Bypass Using an Alternate Path or Channel