hughes 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk cross-site scripting and vendor risk input validation などに関し、一部は vendor impact session compromise を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-22971 | Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application. | [email protected] | 6.1 | 0.68% | 2023-01-26 | 2026-06-17 |
| CVE-2016-9497 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem. | [email protected] | 8.8 | 2.21% | 2018-07-13 | 2026-06-16 |
| CVE-2016-9496 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot. | [email protected] | 6.5 | 0.90% | 2018-07-13 | 2026-06-16 |
| CVE-2016-9495 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices. | [email protected] | 8.8 | 0.89% | 2018-07-13 | 2026-06-16 |
| CVE-2016-9494 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service. | [email protected] | 6.5 | 0.75% | 2018-07-13 | 2026-06-16 |
| CVE-2001-1225 | Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried. | [email protected] | 2.1 | 0.33% | 2001-12-26 | 2026-06-16 |
| CVE-2000-0012 | Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. | [email protected] | 10.0 | 9.89% | 1999-12-27 | 2026-06-16 |
| CVE-1999-0753 | The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories. | [email protected] | 7.5 | 5.33% | 1999-08-17 | 2026-06-16 |
| CVE-1999-1260 | mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive server information such as logged users, database names, and server version via the ServerStats query. | [email protected] | 7.5 | 1.35% | 1999-02-15 | 2026-06-16 |
| CVE-1999-0276 | mSQL v2.0.1 and below allows remote execution through a buffer overflow. | [email protected] | 7.5 | 3.08% | 1999-01-01 | 2026-06-16 |