CVE-2016-10305

30.03.2017, 07:59

Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Vendor	Product	Version
gotrango	apex_plus_firmware	𝑥 ≤ 3.2.0
gotrango	apex_firmware	𝑥 ≤ 2.1.1
gotrango	apex_lynx_firmware	𝑥 ≤ 1.2.3
gotrango	apex_orion_firmware	𝑥 ≤ 1.2.3
gotrango	giga_firmware	𝑥 ≤ 2.6.1
gotrango	giga_lynx_firmware	𝑥 ≤ 1.2.3
gotrango	giga_orion_firmware	𝑥 ≤ 1.2.3
gotrango	giga_plus_firmware	𝑥 ≤ 3.2.3
gotrango	giga_pro_firmware	𝑥 ≤ 1.4.1
gotrango	stratalink_pro_firmware	-
gotrango	stratalink_firmware	𝑥 ≤ 2.2.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-798 - Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

http://blog.iancaling.com/post/153011925478