
Cobham Satcom 800 / 900 Vulnerabilities

The CyberSKR Maritime Security Team recently identified multiple vulnerabilities in Cobham Satcom products, specifically the Sailor 800 / 900 VSAT systems.

Cobham Satcom 250 / 500 Vulnerabilities

The CyberSKR Maritime Security Team recently identified multiple vulnerabilities in Cobham Satcom products, specifically the Sailor 250 / 500 VSAT systems (version <1.25).

Furuno Felcom250 / Felcom500 Vulnerabilities

The CyberSKR Maritime Security team identified and registered multiple vulnerabilities in the Furuno250 / Furuno500 Inmarsat FleetBroadband Systems. The vulnerabilities relate to client-side authentication (server-side auth bypass), incorrect access control (unauthorised password change) and (cleartext) password disclosure.

Sonus SBC 1000 / 2000 / SWELite Vulnerabilities + PoC

The CyberSKR team identified and registered three vulnerabilities in the Sonus (now Ribbon Communications) SBC 1000 / 2000 and SWELite Edge web interface. The vulnerabilities include a method for root privilege escalation via access to the shadow file, Local File Inclusion (LFI) and Remote Command Execution (RCE). Having responsibly disclosed the findings and worked with the vendor to ensure a patch was released, we are now releasing the details and a PoC Python script that exploits the vulnerabilities.

South African Government Biometric Identity Verification System Exposed Online

CyberSKR discovered that a biometric identity verification system operated by South Africa's Department of Home Affairs (DHA) had been left online since at least August 2013. The Home Affairs National Identification System (HANIS) provides a service for financial institutions, mainly banks, that "enables the verification of the customer’s identity by checking their identity number and biometric data against the data hosted at the Department of Home Affairs" (securitysa.com).
