Lucene search

[email protected]NVD:CVE-2016-10305

HistoryMar 30, 2017 - 7:59 a.m.

CVE-2016-10305

2017-03-3007:59:00

CWE-798

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.007

Percentile

79.9%

JSON

Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.

Affected configurations

Nvd

Node

gotrangoapex_plus_firmwareRange≤3.2.0

AND

gotrangoapex_plusMatch-

Node

gotrangoapex_firmwareRange≤2.1.1

AND

gotrangoapexMatch-

Node

gotrangoapex_lynx_firmwareRange≤1.2.3

AND

gotrangoapex_lynxMatch-

Node

gotrangoapex_orion_firmwareRange≤1.2.3

AND

gotrangoapex_orionMatch-

Node

gotrangogiga_firmwareRange≤2.6.1

AND

gotrangogigaMatch-

Node

gotrangogiga_lynx_firmwareRange≤1.2.3

AND

gotrangogiga_lynxMatch-

Node

gotrangogiga_orion_firmwareRange≤1.2.3

AND

gotrangogiga_orionMatch-

Node

gotrangogiga_plus_firmwareRange≤3.2.3

AND

gotrangogiga_plusMatch-

Node

gotrangogiga_pro_firmwareRange≤1.4.1

AND

gotrangogiga_proMatch-

Node

gotrangostratalink_pro_firmwareMatch-

AND

gotrangostratalink_proMatch-

Node

gotrangostratalink_firmwareRange≤2.2.0

AND

gotrangostratalinkMatch-

VendorProductVersionCPE
gotrangoapex_plus_firmware*cpe:2.3:o:gotrango:apex_plus_firmware:*:*:*:*:*:*:*:*
gotrangoapex_plus-cpe:2.3:h:gotrango:apex_plus:-:*:*:*:*:*:*:*
gotrangoapex_firmware*cpe:2.3:o:gotrango:apex_firmware:*:*:*:*:*:*:*:*
gotrangoapex-cpe:2.3:h:gotrango:apex:-:*:*:*:*:*:*:*
gotrangoapex_lynx_firmware*cpe:2.3:o:gotrango:apex_lynx_firmware:*:*:*:*:*:*:*:*
gotrangoapex_lynx-cpe:2.3:h:gotrango:apex_lynx:-:*:*:*:*:*:*:*
gotrangoapex_orion_firmware*cpe:2.3:o:gotrango:apex_orion_firmware:*:*:*:*:*:*:*:*
gotrangoapex_orion-cpe:2.3:h:gotrango:apex_orion:-:*:*:*:*:*:*:*
gotrangogiga_firmware*cpe:2.3:o:gotrango:giga_firmware:*:*:*:*:*:*:*:*
gotrangogiga-cpe:2.3:h:gotrango:giga:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gotrango	apex_plus_firmware	*	cpe:2.3:o:gotrango:apex_plus_firmware::::::::
gotrango	apex_plus	-	cpe:2.3:h:gotrango:apex_plus:-:::::::*
gotrango	apex_firmware	*	cpe:2.3:o:gotrango:apex_firmware::::::::
gotrango	apex	-	cpe:2.3:h:gotrango:apex:-:::::::*
gotrango	apex_lynx_firmware	*	cpe:2.3:o:gotrango:apex_lynx_firmware::::::::
gotrango	apex_lynx	-	cpe:2.3:h:gotrango:apex_lynx:-:::::::*
gotrango	apex_orion_firmware	*	cpe:2.3:o:gotrango:apex_orion_firmware::::::::
gotrango	apex_orion	-	cpe:2.3:h:gotrango:apex_orion:-:::::::*
gotrango	giga_firmware	*	cpe:2.3:o:gotrango:giga_firmware::::::::
gotrango	giga	-	cpe:2.3:h:gotrango:giga:-:::::::*

Rows per page:

1-10 of 221

References

blog.iancaling.com/post/153011925478

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.007

Percentile

79.9%

JSON

Related for NVD:CVE-2016-10305

cvelist1 cve1 prion1