Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gotrango apex_plus_firmware |
||
gotrango apex_firmware |
||
gotrango apex_lynx_firmware |
||
gotrango apex_orion_firmware |
||
gotrango giga_firmware |
||
gotrango giga_lynx_firmware |
||
gotrango giga_orion_firmware |
||
gotrango giga_plus_firmware |
||
gotrango giga_pro_firmware |
||
gotrango stratalink_pro_firmware - |
||
gotrango stratalink_firmware |