Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
References
Link | Resource |
---|---|
http://blog.iancaling.com/post/153011925478 | Exploit Third Party Advisory |
History
05 May 2021, 14:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:trango:apex_lynx:-:*:*:*:*:*:*:* cpe:2.3:o:trango:stratalink_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:trango:apex_orion:-:*:*:*:*:*:*:* cpe:2.3:h:trango:giga_plus:-:*:*:*:*:*:*:* cpe:2.3:o:trango:giga_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:trango:giga:-:*:*:*:*:*:*:* cpe:2.3:h:trango:apex_plus:-:*:*:*:*:*:*:* cpe:2.3:h:trango:giga_pro:-:*:*:*:*:*:*:* cpe:2.3:h:trango:giga_lynx:-:*:*:*:*:*:*:* cpe:2.3:h:trango:stratalink:-:*:*:*:*:*:*:* cpe:2.3:o:trango:apex_lynx_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:trango:giga_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:trango:apex_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:trango:giga_plus_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:trango:apex_orion_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:trango:stratalink_pro:-:*:*:*:*:*:*:* cpe:2.3:o:trango:apex_plus_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:trango:giga_lynx_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:trango:giga_orion_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:trango:stratalink_pro_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:trango:giga_orion:-:*:*:*:*:*:*:* |
cpe:2.3:o:gotrango:stratalink_pro_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:gotrango:giga:-:*:*:*:*:*:*:* cpe:2.3:o:gotrango:giga_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:gotrango:apex:-:*:*:*:*:*:*:* cpe:2.3:o:gotrango:giga_lynx_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:gotrango:giga_plus:-:*:*:*:*:*:*:* cpe:2.3:o:gotrango:apex_lynx_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:gotrango:giga_lynx:-:*:*:*:*:*:*:* cpe:2.3:o:gotrango:apex_plus_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gotrango:giga_orion_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:gotrango:stratalink:-:*:*:*:*:*:*:* cpe:2.3:o:gotrango:giga_plus_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:gotrango:giga_orion:-:*:*:*:*:*:*:* cpe:2.3:h:gotrango:apex_orion:-:*:*:*:*:*:*:* cpe:2.3:o:gotrango:giga_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gotrango:stratalink_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:gotrango:apex_lynx:-:*:*:*:*:*:*:* cpe:2.3:h:gotrango:stratalink_pro:-:*:*:*:*:*:*:* cpe:2.3:h:gotrango:apex_plus:-:*:*:*:*:*:*:* cpe:2.3:o:gotrango:apex_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:gotrango:giga_pro:-:*:*:*:*:*:*:* cpe:2.3:o:gotrango:apex_orion_firmware:*:*:*:*:*:*:*:* |
Information
Published : 2017-03-30 07:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-10305
Mitre link : CVE-2016-10305
CVE.ORG link : CVE-2016-10305
Products Affected
gotrango
- apex_plus
- stratalink_firmware
- giga
- stratalink_pro
- giga_lynx_firmware
- giga_firmware
- apex_orion_firmware
- apex_plus_firmware
- giga_pro
- stratalink
- apex_lynx_firmware
- giga_orion_firmware
- apex_firmware
- apex_orion
- giga_lynx
- apex_lynx
- apex
- giga_pro_firmware
- giga_plus_firmware
- giga_plus
- giga_orion
- stratalink_pro_firmware
CWE
CWE-798
Use of Hard-coded Credentials