Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by trango
VAR-201703-0101
Vulnerability from variot - Updated: 2023-12-18 13:48Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. Trango Altum AC600 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The TrangoAltumAC600 is an access point and client device for wireless Ethernet bridging applications and outdoor Wi-Fi/hotspot deployments at TrangoSystems, USA. Trango Altum AC600 Devices are prone to an insecure default-password vulnerability. This may aid in further attacks. All Trango Altum AC600 Devices are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a600",
"scope": "eq",
"trust": 1.6,
"vendor": "trango",
"version": null
},
{
"model": "systems altum ac600",
"scope": "eq",
"trust": 0.9,
"vendor": "trango",
"version": "0"
},
{
"model": "altum a600",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "BID",
"id": "97241"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "NVD",
"id": "CVE-2016-10306"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:trango:a600_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:trango:a600-ext-us:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:trango:a600-25-us:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:trango:a600-19-us:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10306"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iancaling.",
"sources": [
{
"db": "BID",
"id": "97241"
}
],
"trust": 0.3
},
"cve": "CVE-2016-10306",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-10306",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-04550",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-89069",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-10306",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-10306",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-04550",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1393",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-89069",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "VULHUB",
"id": "VHN-89069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "NVD",
"id": "CVE-2016-10306"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. Trango Altum AC600 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The TrangoAltumAC600 is an access point and client device for wireless Ethernet bridging applications and outdoor Wi-Fi/hotspot deployments at TrangoSystems, USA. Trango Altum AC600 Devices are prone to an insecure default-password vulnerability. This may aid in further attacks. \nAll Trango Altum AC600 Devices are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10306"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "BID",
"id": "97241"
},
{
"db": "VULHUB",
"id": "VHN-89069"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10306",
"trust": 3.4
},
{
"db": "BID",
"id": "97241",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1393",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04550",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-89069",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "VULHUB",
"id": "VHN-89069"
},
{
"db": "BID",
"id": "97241"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "NVD",
"id": "CVE-2016-10306"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
}
]
},
"id": "VAR-201703-0101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "VULHUB",
"id": "VHN-89069"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
}
]
},
"last_update_date": "2023-12-18T13:48:40.865000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Altum Series DATASHEET",
"trust": 0.8,
"url": "https://www.trangosys.com/support/documents/datasheets/altum-ac-datasheet.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "NVD",
"id": "CVE-2016-10306"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97241"
},
{
"trust": 1.7,
"url": "http://blog.iancaling.com/post/153011925478"
},
{
"trust": 1.7,
"url": "http://blog.iancaling.com/post/155395764003"
},
{
"trust": 1.1,
"url": "http://blog.iancaling.com/post/155395764003/trango-altum-ac600-default-root-login"
},
{
"trust": 1.1,
"url": "http://blog.iancaling.com/post/153011925478/trango-systems-hidden-root-account-vulnerability"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10306"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10306"
},
{
"trust": 0.3,
"url": "https://www.trangosys.com/products/altum-series/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "VULHUB",
"id": "VHN-89069"
},
{
"db": "BID",
"id": "97241"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "NVD",
"id": "CVE-2016-10306"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "VULHUB",
"id": "VHN-89069"
},
{
"db": "BID",
"id": "97241"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "NVD",
"id": "CVE-2016-10306"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"date": "2017-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-89069"
},
{
"date": "2017-03-29T00:00:00",
"db": "BID",
"id": "97241"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"date": "2017-03-30T07:59:00.190000",
"db": "NVD",
"id": "CVE-2016-10306"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1393"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"date": "2017-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-89069"
},
{
"date": "2017-04-04T00:02:00",
"db": "BID",
"id": "97241"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"date": "2017-04-04T15:39:56.180000",
"db": "NVD",
"id": "CVE-2016-10306"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1393"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trango Altum AC600 Vulnerabilities related to the use of hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
}
],
"trust": 0.6
}
}
VAR-201703-0102
Vulnerability from variot - Updated: 2023-12-18 13:24Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. plural Trango The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Multiple Trango devices are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Prologix Trango Apex Lynx, etc. are all products of UAE Prologix company. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex Lynx Version 2.0, Apex Orion Version 2.0, Giga Lynx Version 2.0, Giga Orion Version 2.0, StrataLink Version 3.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0102",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "apex orion",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.0"
},
{
"model": "giga lynx",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.0"
},
{
"model": "apex lynx",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.0"
},
{
"model": "giga orion",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.0"
},
{
"model": "stratalink",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "3.0"
},
{
"model": "apex lynx",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apex orion",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga lynx",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga orion",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "stratalink",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apex orion",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.0"
},
{
"model": "giga orion",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.0"
},
{
"model": "giga lynx",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.0"
},
{
"model": "stratalink",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "3.0"
},
{
"model": "apex lynx",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.0"
},
{
"model": "systems stratalink",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "3.0"
},
{
"model": "systems gigaorion",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "2.0"
},
{
"model": "systems gigalynx",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "2.0"
},
{
"model": "systems apexorion",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "2.0"
},
{
"model": "systems apexlynx",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "97242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:apex_lynx_firmware:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:apex_lynx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:apex_orion_firmware:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:apex_orion:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:giga_lynx_firmware:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:giga_lynx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:giga_orion_firmware:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:giga_orion:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:stratalink_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:stratalink:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iancaling.",
"sources": [
{
"db": "BID",
"id": "97242"
}
],
"trust": 0.3
},
"cve": "CVE-2016-10307",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-10307",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-89070",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-10307",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-10307",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1392",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-89070",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. plural Trango The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Multiple Trango devices are prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Prologix Trango Apex Lynx, etc. are all products of UAE Prologix company. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex Lynx Version 2.0, Apex Orion Version 2.0, Giga Lynx Version 2.0, Giga Orion Version 2.0, StrataLink Version 3.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10307"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "BID",
"id": "97242"
},
{
"db": "VULHUB",
"id": "VHN-89070"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10307",
"trust": 2.8
},
{
"db": "BID",
"id": "97242",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-89070",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "BID",
"id": "97242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
]
},
"id": "VAR-201703-0102",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:24:30.703000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://support.trangosys.com/hc/en-us"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97242"
},
{
"trust": 1.7,
"url": "http://blog.iancaling.com/post/153011925478"
},
{
"trust": 1.1,
"url": "http://blog.iancaling.com/post/153011925478/trango-systems-hidden-root-account-vulnerability"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10307"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10307"
},
{
"trust": 0.3,
"url": "https://www.trangosys.com/products/altum-series/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "BID",
"id": "97242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "BID",
"id": "97242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-89070"
},
{
"date": "2017-03-29T00:00:00",
"db": "BID",
"id": "97242"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"date": "2017-03-30T07:59:00.220000",
"db": "NVD",
"id": "CVE-2016-10307"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-89070"
},
{
"date": "2017-04-04T00:02:00",
"db": "BID",
"id": "97242"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"date": "2021-05-05T14:46:28.370000",
"db": "NVD",
"id": "CVE-2016-10307"
},
{
"date": "2021-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Trango Vulnerabilities related to the use of hard-coded credentials in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
],
"trust": 0.6
}
}
VAR-201703-0100
Vulnerability from variot - Updated: 2023-12-18 13:08Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. plural Trango The product contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. Prologix Trango Apex Lynx, etc. are all products of UAE Prologix company. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex 2.1.1 and prior; Apex Lynx 2.0 and prior; Apex Orion 2.0 and prior; ApexPlus 3.2.0 and prior; Giga 2.6.1 and prior; Giga Lynx 2.0 and earlier; Giga Orion 2.0 and earlier; GigaPlus 3.2.3 and earlier; GigaPro 1.4.1 and earlier; StrataLink 3.0 and earlier; StrataPro
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0100",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "apex lynx",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.2.3"
},
{
"model": "apex",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.1.1"
},
{
"model": "stratalink",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.2.0"
},
{
"model": "stratalink pro",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": null
},
{
"model": "giga",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.6.1"
},
{
"model": "apex orion",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.2.3"
},
{
"model": "giga lynx",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.2.3"
},
{
"model": "giga orion",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.2.3"
},
{
"model": "apex plus",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "3.2.0"
},
{
"model": "giga plus",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "3.2.3"
},
{
"model": "giga pro",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.4.1"
},
{
"model": "apex lynx",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apex orion",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apex",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apexplus",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga lynx",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga orion",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga plus",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga pro",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "stratalink pro",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "stratalink",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga plus",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "3.2.3"
},
{
"model": "apex orion",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.2.3"
},
{
"model": "giga orion",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.2.3"
},
{
"model": "giga lynx",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.2.3"
},
{
"model": "stratalink pro",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": null
},
{
"model": "stratalink",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.2.0"
},
{
"model": "giga pro",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.4.1"
},
{
"model": "apex lynx",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.2.3"
},
{
"model": "apex",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.1.1"
},
{
"model": "giga",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.6.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:apex_plus_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:apex_plus:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:apex_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:apex:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:apex_lynx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:apex_lynx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:apex_orion_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:apex_orion:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:giga_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:giga:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:giga_lynx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:giga_lynx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:giga_orion_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:giga_orion:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:giga_plus_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:giga_plus:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:giga_pro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.4.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:giga_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:stratalink_pro_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:stratalink_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gotrango:stratalink_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gotrango:stratalink:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"cve": "CVE-2016-10305",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-10305",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-89068",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-10305",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-10305",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1394",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-89068",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trango Apex \u003c= 2.1.1, ApexLynx \u003c 2.0, ApexOrion \u003c 2.0, ApexPlus \u003c= 3.2.0, Giga \u003c= 2.6.1, GigaLynx \u003c 2.0, GigaOrion \u003c 2.0, GigaPlus \u003c= 3.2.3, GigaPro \u003c= 1.4.1, StrataLink \u003c 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. plural Trango The product contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. Prologix Trango Apex Lynx, etc. are all products of UAE Prologix company. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex 2.1.1 and prior; Apex Lynx 2.0 and prior; Apex Orion 2.0 and prior; ApexPlus 3.2.0 and prior; Giga 2.6.1 and prior; Giga Lynx 2.0 and earlier; Giga Orion 2.0 and earlier; GigaPlus 3.2.3 and earlier; GigaPro 1.4.1 and earlier; StrataLink 3.0 and earlier; StrataPro",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10305"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "VULHUB",
"id": "VHN-89068"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10305",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-89068",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
]
},
"id": "VAR-201703-0100",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:08:54.734000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://support.trangosys.com/hc/en-us"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://blog.iancaling.com/post/153011925478"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10305"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10305"
},
{
"trust": 0.8,
"url": "http://blog.iancaling.com/post/153011925478/trango-systems-hidden-root-account-vulnerability"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-89068"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"date": "2017-03-30T07:59:00.143000",
"db": "NVD",
"id": "CVE-2016-10305"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-89068"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"date": "2021-05-05T14:44:55.480000",
"db": "NVD",
"id": "CVE-2016-10305"
},
{
"date": "2021-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Trango Vulnerability in using hard-coded credentials in product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
],
"trust": 0.6
}
}