ID

VAR-201703-0102


CVE

CVE-2016-10307


TITLE

Vulnerabilities related to the use of hard-coded credentials in multiple Trango products

Trust: 0.8

sources: JVNDB: JVNDB-2016-008190

DESCRIPTION

Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. Multiple Trango products contain a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Multiple Trango devices are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Prologix Trango Apex Lynx, etc. are all products of the UAE company Prologix. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex Lynx Version 2.0, Apex Orion Version 2.0, Giga Lynx Version 2.0, Giga Orion Version 2.0, StrataLink Version 3.0.

Trust: 1.98

sources: NVD: CVE-2016-10307 // JVNDB: JVNDB-2016-008190 // BID: 97242 // VULHUB: VHN-89070

AFFECTED PRODUCTS

vendor: gotrango, model: giga orion, scope: eq, version: 2.0

Trust: 1.0

vendor: gotrango, model: stratalink, scope: lte, version: 3.0

Trust: 1.0

vendor: gotrango, model: apex orion, scope: eq, version: 2.0

Trust: 1.0

vendor: gotrango, model: apex lynx, scope: eq, version: 2.0

Trust: 1.0

vendor: gotrango, model: giga lynx, scope: eq, version: 2.0

Trust: 1.0

vendor: trango, model: apex lynx, scope: -, version: -

Trust: 0.8

vendor: trango, model: apex orion, scope: -, version: -

Trust: 0.8

vendor: trango, model: giga lynx, scope: -, version: -

Trust: 0.8

vendor: trango, model: giga orion, scope: -, version: -

Trust: 0.8

vendor: trango, model: stratalink, scope: -, version: -

Trust: 0.8

vendor: trango, model: apex orion, scope: eq, version: 2.0

Trust: 0.6

vendor: trango, model: giga orion, scope: eq, version: 2.0

Trust: 0.6

vendor: trango, model: giga lynx, scope: eq, version: 2.0

Trust: 0.6

vendor: trango, model: stratalink, scope: eq, version: 3.0

Trust: 0.6

vendor: trango, model: apex lynx, scope: eq, version: 2.0

Trust: 0.6

vendor: trango, model: systems stratalink, scope: eq, version: 3.0

Trust: 0.3

vendor: trango, model: systems gigaorion, scope: eq, version: 2.0

Trust: 0.3

vendor: trango, model: systems gigalynx, scope: eq, version: 2.0

Trust: 0.3

vendor: trango, model: systems apexorion, scope: eq, version: 2.0

Trust: 0.3

vendor: trango, model: systems apexlynx, scope: eq, version: 2.0

Trust: 0.3

sources: BID: 97242 // JVNDB: JVNDB-2016-008190 // CNNVD: CNNVD-201703-1392 // NVD: CVE-2016-10307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10307
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-10307
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201703-1392
value: CRITICAL

Trust: 0.6

VULHUB: VHN-89070
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-10307
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-89070
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10307
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2016-10307
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-89070 // JVNDB: JVNDB-2016-008190 // CNNVD: CNNVD-201703-1392 // NVD: CVE-2016-10307

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.9

sources: VULHUB: VHN-89070 // JVNDB: JVNDB-2016-008190 // NVD: CVE-2016-10307

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1392

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201703-1392

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008190

PATCH

title: Top Page, url: http://support.trangosys.com/hc/en-us

Trust: 0.8

sources: JVNDB: JVNDB-2016-008190

EXTERNAL IDS

db: NVD, id: CVE-2016-10307

Trust: 2.8

db: BID, id: 97242

Trust: 2.0

db: JVNDB, id: JVNDB-2016-008190

Trust: 0.8

db: CNNVD, id: CNNVD-201703-1392

Trust: 0.7

db: VULHUB, id: VHN-89070

Trust: 0.1

sources: VULHUB: VHN-89070 // BID: 97242 // JVNDB: JVNDB-2016-008190 // CNNVD: CNNVD-201703-1392 // NVD: CVE-2016-10307

REFERENCES

url: http://www.securityfocus.com/bid/97242

Trust: 1.7

url: http://blog.iancaling.com/post/153011925478

Trust: 1.7

url: http://blog.iancaling.com/post/153011925478/trango-systems-hidden-root-account-vulnerability

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10307

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-10307

Trust: 0.8

url: https://www.trangosys.com/products/altum-series/

Trust: 0.3

sources: VULHUB: VHN-89070 // BID: 97242 // JVNDB: JVNDB-2016-008190 // CNNVD: CNNVD-201703-1392 // NVD: CVE-2016-10307

CREDITS

iancaling.

Trust: 0.3

sources: BID: 97242

SOURCES

db: VULHUB, id: VHN-89070
db: BID, id: 97242
db: JVNDB, id: JVNDB-2016-008190
db: CNNVD, id: CNNVD-201703-1392
db: NVD, id: CVE-2016-10307

LAST UPDATE DATE

2025-04-20T23:42:16.117000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-89070, date: 2017-04-04T00:00:00
db: BID, id: 97242, date: 2017-04-04T00:02:00
db: JVNDB, id: JVNDB-2016-008190, date: 2017-04-28T00:00:00
db: CNNVD, id: CNNVD-201703-1392, date: 2021-05-06T00:00:00
db: NVD, id: CVE-2016-10307, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-89070, date: 2017-03-30T00:00:00
db: BID, id: 97242, date: 2017-03-29T00:00:00
db: JVNDB, id: JVNDB-2016-008190, date: 2017-04-28T00:00:00
db: CNNVD, id: CNNVD-201703-1392, date: 2017-03-31T00:00:00
db: NVD, id: CVE-2016-10307, date: 2017-03-30T07:59:00.220