Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Unauthenticated network read of the API (AV:N/AC:L/PR:N/UI:N) discloses authentication-relevant identifiers, so C:H; no integrity or availability impact and no scope change.
Primary rating from Vendor (icscert).
CVSS VectorVendor: icscert
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. The DID and TPK are used for satellite network authentication in the iDirect platform, potentially enabling terminal impersonation and network reconnaissance.
AnalysisAI
Missing authentication on the ST Engineering iDirect iQ200 satellite terminal exposes the /api/identity and /api/ REST endpoints to any unauthenticated party on the network, letting them harvest the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and firmware version. Because the DID and TPK underpin satellite-network authentication on the iDirect platform, the leaked identifiers can support terminal impersonation and targeted reconnaissance. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The exploitable condition is concrete: the terminal exposes the /api/identity and /api/ REST endpoints with no authentication (CWE-306), so any party with network reachability to the device's HTTP management interface can read the data - the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no credentials, no user interaction, and no special attack requirement. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N, VC:H, all integrity/availability and subsequent-system metrics N) scores 8.7 and describes a low-complexity, unauthenticated, network-reachable pure-confidentiality disclosure - signals that are internally consistent with the description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can route packets to an iQ200 terminal's management interface issues a simple unauthenticated HTTP GET to /api/identity and immediately receives the serial number, DID, TPK, MAC address, and firmware version. Using the firmware version they fingerprint the exact model for further targeting, and they retain the DID/TPK to attempt terminal impersonation or map the satellite network. … |
| Remediation | No vendor-released patch version is identified in the available data; consult the CISA advisory ICSA-26-183-01 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01) and iDirect support (https://support.idirect.net/s/login) for firmware updates and apply any fixed release the vendor lists for your terminal model. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all iDirect iQ200 terminals and document network exposure; immediately implement firewall rules restricting unauthenticated access to /api/identity and /api/ endpoints from untrusted networks. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42908
GHSA-h2c7-fwwm-r6w8