NAVTOR NavBox
Summary
NAVTOR NavBox versions prior to 4.17.2.6 are affected by a vulnerability (CVE-2026-21404) involving hard-coded credentials in its SOAP implementation. Successful exploitation by a local attacker could grant unauthorized access to privileged methods, allowing for disruption of operations through file manipulation.
IFF Assessment
The vulnerability allows for unauthorized access and disruption of operations, posing a direct threat to defenders.
Severity
The CVSS score of 6.3 (MEDIUM) reflects a moderate impact. The vulnerability allows for unauthorized access and modification of files, which can lead to operational disruption. The attack vector is local, and exploitation relies on the hard-coded credentials.
Defender Context
Defenders should be aware of this vulnerability in NAVTOR NavBox systems, particularly those using the SOAP functionality. The presence of hard-coded credentials is a critical security flaw that attackers can exploit for unauthorized access and data manipulation. Organizations using this equipment should ensure they are running a patched version (4.17.2.6 or later) to mitigate risks.