Sign-up

ID

VAR-201703-0101


CVE

CVE-2016-10306


TITLE

Trango Altum AC600 Vulnerabilities related to the use of hard-coded credentials on devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-008189

DESCRIPTION

Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. Trango Altum AC600 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The TrangoAltumAC600 is an access point and client device for wireless Ethernet bridging applications and outdoor Wi-Fi/hotspot deployments at TrangoSystems, USA. Trango Altum AC600 Devices are prone to an insecure default-password vulnerability. This may aid in further attacks. All Trango Altum AC600 Devices are vulnerable

Trust: 2.52

sources: NVD: CVE-2016-10306 // JVNDB: JVNDB-2016-008189 // CNVD: CNVD-2017-04550 // BID: 97241 // VULHUB: VHN-89069

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04550

AFFECTED PRODUCTS

vendor:trangomodel:a600scope:eqversion: -

Trust: 1.6

vendor:trangomodel:systems altum ac600scope:eqversion:0

Trust: 0.9

vendor:trangomodel:altum a600scope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2017-04550 // BID: 97241 // JVNDB: JVNDB-2016-008189 // CNNVD: CNNVD-201703-1393 // NVD: CVE-2016-10306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10306
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-10306
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-04550
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201703-1393
value: CRITICAL

Trust: 0.6

VULHUB: VHN-89069
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-10306
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04550
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-89069
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10306
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04550 // VULHUB: VHN-89069 // JVNDB: JVNDB-2016-008189 // CNNVD: CNNVD-201703-1393 // NVD: CVE-2016-10306

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-89069 // JVNDB: JVNDB-2016-008189 // NVD: CVE-2016-10306

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1393

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-1393

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008189

PATCH
title:Altum Series DATASHEETurl:https://www.trangosys.com/support/documents/datasheets/Altum-AC-Datasheet.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-008189

EXTERNAL IDS
db:NVDid:CVE-2016-10306
Trust: 3.4
db:BIDid:97241
Trust: 2.0
db:JVNDBid:JVNDB-2016-008189
Trust: 0.8
db:CNNVDid:CNNVD-201703-1393
Trust: 0.7
db:CNVDid:CNVD-2017-04550
Trust: 0.6
db:VULHUBid:VHN-89069
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04550 // 
            
            
            
            VULHUB: VHN-89069 // 
            
            
            
            BID: 97241 // 
            
            
            
            JVNDB: JVNDB-2016-008189 // 
            
            
            
            CNNVD: CNNVD-201703-1393 // 
            
            
            
            NVD: CVE-2016-10306

REFERENCES
url:http://www.securityfocus.com/bid/97241
Trust: 1.7
url:http://blog.iancaling.com/post/153011925478
Trust: 1.7
url:http://blog.iancaling.com/post/155395764003
Trust: 1.7
url:http://blog.iancaling.com/post/155395764003/trango-altum-ac600-default-root-login
Trust: 1.1
url:http://blog.iancaling.com/post/153011925478/trango-systems-hidden-root-account-vulnerability
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10306
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-10306
Trust: 0.8
url:https://www.trangosys.com/products/altum-series/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-04550 // 
            
            
            
            VULHUB: VHN-89069 // 
            
            
            
            BID: 97241 // 
            
            
            
            JVNDB: JVNDB-2016-008189 // 
            
            
            
            CNNVD: CNNVD-201703-1393 // 
            
            
            
            NVD: CVE-2016-10306

CREDITS
iancaling.
Trust: 0.3
sources:
            
            
            BID: 97241

SOURCES
db:CNVDid:CNVD-2017-04550
db:VULHUBid:VHN-89069
db:BIDid:97241
db:JVNDBid:JVNDB-2016-008189
db:CNNVDid:CNNVD-201703-1393
db:NVDid:CVE-2016-10306

LAST UPDATE DATE
2025-04-20T23:20:05.716000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04550date:2017-04-17T00:00:00
db:VULHUBid:VHN-89069date:2017-04-04T00:00:00
db:BIDid:97241date:2017-04-04T00:02:00
db:JVNDBid:JVNDB-2016-008189date:2017-04-28T00:00:00
db:CNNVDid:CNNVD-201703-1393date:2017-03-31T00:00:00
db:NVDid:CVE-2016-10306date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04550date:2017-04-17T00:00:00
db:VULHUBid:VHN-89069date:2017-03-30T00:00:00
db:BIDid:97241date:2017-03-29T00:00:00
db:JVNDBid:JVNDB-2016-008189date:2017-04-28T00:00:00
db:CNNVDid:CNNVD-201703-1393date:2017-03-31T00:00:00
db:NVDid:CVE-2016-10306date:2017-03-30T07:59:00.190