Vulnerability Description
Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gotrango | Apex Lynx Firmware | 2.0 |
| Gotrango | Apex Lynx | - |
| Gotrango | Apex Orion Firmware | 2.0 |
| Gotrango | Apex Orion | - |
| Gotrango | Giga Lynx Firmware | 2.0 |
| Gotrango | Giga Lynx | - |
| Gotrango | Giga Orion Firmware | 2.0 |
| Gotrango | Giga Orion | - |
| Gotrango | Stratalink Firmware | <= 3.0 |
| Gotrango | Stratalink | - |
Related Weaknesses (CWE)
References
- http://blog.iancaling.com/post/153011925478ExploitThird Party Advisory
- http://www.securityfocus.com/bid/97242Third Party AdvisoryVDB Entry
- http://blog.iancaling.com/post/153011925478ExploitThird Party Advisory
- http://www.securityfocus.com/bid/97242Third Party AdvisoryVDB Entry
FAQ
What is CVE-2016-10307?
CVE-2016-10307 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but th...
How severe is CVE-2016-10307?
CVE-2016-10307 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-10307?
Check the references section above for vendor advisories and patch information. Affected products include: Gotrango Apex Lynx Firmware, Gotrango Apex Lynx, Gotrango Apex Orion Firmware, Gotrango Apex Orion, Gotrango Giga Lynx Firmware.