NOVELSAT NS3000 and NS2000 Products Session Hijacking Vulnerability

Vulnerability

A session hijacking vulnerability has been identified in NOVELSAT's NS3000 version 8.1.1.125110, 7.2.8.124852, and 7.x, as well as in NS2000 version 7.02.08. The issue arises from missing authentication checks in the query.fcgi endpoint, allowing attackers to execute session hijacking attacks.

Impact

Exploitation of this vulnerability allows for session hijacking, where an attacker can take over a user's session, potentially leading to unauthorized actions or access within the application.

Added: Jul 2, 2025, 5:29 PM

Updated: Jul 2, 2025, 7:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NOVELSAT NS3000 and NS2000 Products Session Hijacking Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating