ID

VAR-201703-0100


CVE

CVE-2016-10305


TITLE

Use of hard-coded credentials vulnerability in multiple Trango products

Trust: 0.8

sources: JVNDB: JVNDB-2016-008188

DESCRIPTION

Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. Multiple Trango products contain a vulnerability involving the use of hard-coded credentials. An attacker could obtain information, falsify information, and cause a denial of service (DoS). Prologix Trango Apex Lynx, etc. are all products of UAE Prologix company. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex 2.1.1 and prior; Apex Lynx 2.0 and prior; Apex Orion 2.0 and prior; ApexPlus 3.2.0 and prior; Giga 2.6.1 and prior; Giga Lynx 2.0 and earlier; Giga Orion 2.0 and earlier; GigaPlus 3.2.3 and earlier; GigaPro 1.4.1 and earlier; StrataLink 3.0 and earlier; StrataPro

Trust: 1.71

sources: NVD: CVE-2016-10305 // JVNDB: JVNDB-2016-008188 // VULHUB: VHN-89068

AFFECTED PRODUCTS

vendor: gotrango, model: apex plus, scope: lte, version: 3.2.0

Trust: 1.0

vendor: gotrango, model: giga pro, scope: lte, version: 1.4.1

Trust: 1.0

vendor: gotrango, model: stratalink, scope: lte, version: 2.2.0

Trust: 1.0

vendor: gotrango, model: giga plus, scope: lte, version: 3.2.3

Trust: 1.0

vendor: gotrango, model: giga lynx, scope: lte, version: 1.2.3

Trust: 1.0

vendor: gotrango, model: giga, scope: lte, version: 2.6.1

Trust: 1.0

vendor: gotrango, model: apex orion, scope: lte, version: 1.2.3

Trust: 1.0

vendor: gotrango, model: giga orion, scope: lte, version: 1.2.3

Trust: 1.0

vendor: gotrango, model: apex lynx, scope: lte, version: 1.2.3

Trust: 1.0

vendor: gotrango, model: stratalink pro, scope: eq, version: -

Trust: 1.0

vendor: gotrango, model: apex, scope: lte, version: 2.1.1

Trust: 1.0

vendor: trango, model: apex lynx, scope: -, version: -

Trust: 0.8

vendor: trango, model: apex orion, scope: -, version: -

Trust: 0.8

vendor: trango, model: apex, scope: -, version: -

Trust: 0.8

vendor: trango, model: apexplus, scope: -, version: -

Trust: 0.8

vendor: trango, model: giga lynx, scope: -, version: -

Trust: 0.8

vendor: trango, model: giga orion, scope: -, version: -

Trust: 0.8

vendor: trango, model: giga plus, scope: -, version: -

Trust: 0.8

vendor: trango, model: giga pro, scope: -, version: -

Trust: 0.8

vendor: trango, model: giga, scope: -, version: -

Trust: 0.8

vendor: trango, model: stratalink pro, scope: -, version: -

Trust: 0.8

vendor: trango, model: stratalink, scope: -, version: -

Trust: 0.8

vendor: trango, model: giga plus, scope: eq, version: 3.2.3

Trust: 0.6

vendor: trango, model: apex orion, scope: eq, version: 1.2.3

Trust: 0.6

vendor: trango, model: giga orion, scope: eq, version: 1.2.3

Trust: 0.6

vendor: trango, model: giga lynx, scope: eq, version: 1.2.3

Trust: 0.6

vendor: trango, model: stratalink pro, scope: eq, version: -

Trust: 0.6

vendor: trango, model: stratalink, scope: eq, version: 2.2.0

Trust: 0.6

vendor: trango, model: giga pro, scope: eq, version: 1.4.1

Trust: 0.6

vendor: trango, model: apex lynx, scope: eq, version: 1.2.3

Trust: 0.6

vendor: trango, model: apex, scope: eq, version: 2.1.1

Trust: 0.6

vendor: trango, model: giga, scope: eq, version: 2.6.1

Trust: 0.6

sources: JVNDB: JVNDB-2016-008188 // CNNVD: CNNVD-201703-1394 // NVD: CVE-2016-10305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10305
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-10305
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201703-1394
value: CRITICAL

Trust: 0.6

VULHUB: VHN-89068
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-10305
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-89068
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10305
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2016-10305
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-89068 // JVNDB: JVNDB-2016-008188 // CNNVD: CNNVD-201703-1394 // NVD: CVE-2016-10305

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-89068 // JVNDB: JVNDB-2016-008188 // NVD: CVE-2016-10305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1394

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201703-1394

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008188

PATCH

title: Top Page, url: http://support.trangosys.com/hc/en-us

Trust: 0.8

sources: JVNDB: JVNDB-2016-008188

EXTERNAL IDS

db: NVD, id: CVE-2016-10305

Trust: 2.5

db: JVNDB, id: JVNDB-2016-008188

Trust: 0.8

db: CNNVD, id: CNNVD-201703-1394

Trust: 0.7

db: VULHUB, id: VHN-89068

Trust: 0.1

sources: VULHUB: VHN-89068 // JVNDB: JVNDB-2016-008188 // CNNVD: CNNVD-201703-1394 // NVD: CVE-2016-10305

REFERENCES

url: http://blog.iancaling.com/post/153011925478

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10305

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-10305

Trust: 0.8

url: http://blog.iancaling.com/post/153011925478/trango-systems-hidden-root-account-vulnerability

Trust: 0.8

sources: VULHUB: VHN-89068 // JVNDB: JVNDB-2016-008188 // CNNVD: CNNVD-201703-1394 // NVD: CVE-2016-10305

SOURCES

db: VULHUB, id: VHN-89068
db: JVNDB, id: JVNDB-2016-008188
db: CNNVD, id: CNNVD-201703-1394
db: NVD, id: CVE-2016-10305

LAST UPDATE DATE

2025-04-20T23:25:06.492000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-89068, date: 2017-04-04T00:00:00
db: JVNDB, id: JVNDB-2016-008188, date: 2017-04-28T00:00:00
db: CNNVD, id: CNNVD-201703-1394, date: 2021-05-06T00:00:00
db: NVD, id: CVE-2016-10305, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-89068, date: 2017-03-30T00:00:00
db: JVNDB, id: JVNDB-2016-008188, date: 2017-04-28T00:00:00
db: CNNVD, id: CNNVD-201703-1394, date: 2017-03-31T00:00:00
db: NVD, id: CVE-2016-10305, date: 2017-03-30T07:59:00.143