giga_firmware,giga_plus_firmware,apex_orion_firmware,giga_pro_firmware,apex_plus_firmware,giga_lynx_firmware,giga_orion_firmware,stratalink_firmware,apex_firmware,apex_lynx_firmware,stratalink_pro_firmware 弱配置漏洞
CVE编号
CVE-2016-10305利用情况
暂无补丁情况
N/A披露时间
2017-03-30漏洞描述
Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| http://blog.iancaling.com/post/153011925478 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | trango | apex_firmware | * | Up to (including) 2.1.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | trango | apex_lynx_firmware | * | Up to (including) 1.2.3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | trango | apex_orion_firmware | * | Up to (including) 1.2.3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | trango | apex_plus_firmware | * | Up to (including) 3.2.0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | trango | giga_firmware | * | Up to (including) 2.6.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | trango | giga_lynx_firmware | * | Up to (including) 1.2.3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | trango | giga_orion_firmware | * | Up to (including) 1.2.3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | trango | giga_plus_firmware | * | Up to (including) 3.2.3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | trango | giga_pro_firmware | * | Up to (including) 1.4.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | trango | stratalink_firmware | * | Up to (including) 2.2.0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | trango | stratalink_pro_firmware | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | trango | apex | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | trango | apex_lynx | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | trango | apex_orion | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | trango | apex_plus | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | trango | giga | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | trango | giga_lynx | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | trango | giga_orion | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | trango | giga_plus | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | trango | giga_pro | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | trango | stratalink | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | trango | stratalink_pro | - | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 高
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-798 | 使用硬编码的凭证 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论