Skip to main content

iDirect iQ200 CVE-2026-38059

| EUVDEUVD-2026-42908 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-07-10 icscert GHSA-h2c7-fwwm-r6w8
8.7
CVSS 4.0 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Unauthenticated network read of the API (AV:N/AC:L/PR:N/UI:N) discloses authentication-relevant identifiers, so C:H; no integrity or availability impact and no scope change.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS VectorVendor: icscert

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 15:38 vuln.today

DescriptionCVE.org

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. The DID and TPK are used for satellite network authentication in the iDirect platform, potentially enabling terminal impersonation and network reconnaissance.

AnalysisAI

Missing authentication on the ST Engineering iDirect iQ200 satellite terminal exposes the /api/identity and /api/ REST endpoints to any unauthenticated party on the network, letting them harvest the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and firmware version. Because the DID and TPK underpin satellite-network authentication on the iDirect platform, the leaked identifiers can support terminal impersonation and targeted reconnaissance. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach terminal management interface
Delivery
Send GET to /api/identity
Exploit
Receive DID, TPK, MAC, firmware unauthenticated
Execution
Fingerprint model and version
Impact
Reuse identifiers for impersonation/reconnaissance

Vulnerability AssessmentAI

Exploitation The exploitable condition is concrete: the terminal exposes the /api/identity and /api/ REST endpoints with no authentication (CWE-306), so any party with network reachability to the device's HTTP management interface can read the data - the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no credentials, no user interaction, and no special attack requirement. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N, VC:H, all integrity/availability and subsequent-system metrics N) scores 8.7 and describes a low-complexity, unauthenticated, network-reachable pure-confidentiality disclosure - signals that are internally consistent with the description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can route packets to an iQ200 terminal's management interface issues a simple unauthenticated HTTP GET to /api/identity and immediately receives the serial number, DID, TPK, MAC address, and firmware version. Using the firmware version they fingerprint the exact model for further targeting, and they retain the DID/TPK to attempt terminal impersonation or map the satellite network. …
Remediation No vendor-released patch version is identified in the available data; consult the CISA advisory ICSA-26-183-01 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01) and iDirect support (https://support.idirect.net/s/login) for firmware updates and apply any fixed release the vendor lists for your terminal model. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all iDirect iQ200 terminals and document network exposure; immediately implement firewall rules restricting unauthenticated access to /api/identity and /api/ endpoints from untrusted networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-38059 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy