Lucene search

[email protected]NVD:CVE-2016-10307

HistoryMar 30, 2017 - 7:59 a.m.

CVE-2016-10307

2017-03-3007:59:00

CWE-798

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.012

Percentile

85.6%

JSON

Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.

Affected configurations

Nvd

Node

gotrangoapex_lynx_firmwareMatch2.0

AND

gotrangoapex_lynxMatch-

Node

gotrangoapex_orion_firmwareMatch2.0

AND

gotrangoapex_orionMatch-

Node

gotrangogiga_lynx_firmwareMatch2.0

AND

gotrangogiga_lynxMatch-

Node

gotrangogiga_orion_firmwareMatch2.0

AND

gotrangogiga_orionMatch-

Node

gotrangostratalink_firmwareRange≤3.0

AND

gotrangostratalinkMatch-

VendorProductVersionCPE
gotrangoapex_lynx_firmware2.0cpe:2.3:o:gotrango:apex_lynx_firmware:2.0:*:*:*:*:*:*:*
gotrangoapex_lynx-cpe:2.3:h:gotrango:apex_lynx:-:*:*:*:*:*:*:*
gotrangoapex_orion_firmware2.0cpe:2.3:o:gotrango:apex_orion_firmware:2.0:*:*:*:*:*:*:*
gotrangoapex_orion-cpe:2.3:h:gotrango:apex_orion:-:*:*:*:*:*:*:*
gotrangogiga_lynx_firmware2.0cpe:2.3:o:gotrango:giga_lynx_firmware:2.0:*:*:*:*:*:*:*
gotrangogiga_lynx-cpe:2.3:h:gotrango:giga_lynx:-:*:*:*:*:*:*:*
gotrangogiga_orion_firmware2.0cpe:2.3:o:gotrango:giga_orion_firmware:2.0:*:*:*:*:*:*:*
gotrangogiga_orion-cpe:2.3:h:gotrango:giga_orion:-:*:*:*:*:*:*:*
gotrangostratalink_firmware*cpe:2.3:o:gotrango:stratalink_firmware:*:*:*:*:*:*:*:*
gotrangostratalink-cpe:2.3:h:gotrango:stratalink:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gotrango	apex_lynx_firmware	2.0	cpe:2.3:o:gotrango:apex_lynx_firmware:2.0:::::::*
gotrango	apex_lynx	-	cpe:2.3:h:gotrango:apex_lynx:-:::::::*
gotrango	apex_orion_firmware	2.0	cpe:2.3:o:gotrango:apex_orion_firmware:2.0:::::::*
gotrango	apex_orion	-	cpe:2.3:h:gotrango:apex_orion:-:::::::*
gotrango	giga_lynx_firmware	2.0	cpe:2.3:o:gotrango:giga_lynx_firmware:2.0:::::::*
gotrango	giga_lynx	-	cpe:2.3:h:gotrango:giga_lynx:-:::::::*
gotrango	giga_orion_firmware	2.0	cpe:2.3:o:gotrango:giga_orion_firmware:2.0:::::::*
gotrango	giga_orion	-	cpe:2.3:h:gotrango:giga_orion:-:::::::*
gotrango	stratalink_firmware	*	cpe:2.3:o:gotrango:stratalink_firmware::::::::
gotrango	stratalink	-	cpe:2.3:h:gotrango:stratalink:-:::::::*

References

blog.iancaling.com/post/153011925478

www.securityfocus.com/bid/97242

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.012

Percentile

85.6%

JSON

Related for NVD:CVE-2016-10307

prion1 cvelist1 cve1