CVE-2016-10307
CVE-2016-10307 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. EPSS estimates a 2.41% chance of exploitation in the next 30 days.
Description
Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gotrango | Apex Lynx Firmware | 2.0 |
| Gotrango | Apex Orion Firmware | 2.0 |
| Gotrango | Giga Lynx Firmware | 2.0 |
| Gotrango | Giga Orion Firmware | 2.0 |
| Gotrango | Stratalink Firmware | <= 3.0 |
References
- http://blog.iancaling.com/post/153011925478 (Exploit, Third Party Advisory)
- http://www.securityfocus.com/bid/97242 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
