RSS   Vulnerabilities for 'Apex orion firmware'   RSS

2017-03-30
 
CVE-2016-10307

 

 
Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.

 
 
CVE-2016-10305

 

 
Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.

 

 >>> Vendor: Trango 12 Products
A600 firmware
Stratalink firmware
Giga pro firmware
Apex firmware
Apex orion firmware
Giga plus firmware
Apex lynx firmware
Giga lynx firmware
Apex plus firmware
Giga orion firmware
Giga firmware
Stratalink pro firmware


Copyright 2017, cxsecurity.com

 

Back to Top