Vulnerability Details CVE-2016-10305
Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Products affected by CVE-2016-10305
-
cpe:2.3:h:gotrango:apex:-
-
cpe:2.3:h:gotrango:apex_lynx:-
-
cpe:2.3:h:gotrango:apex_orion:-
-
cpe:2.3:h:gotrango:apex_plus:-
-
cpe:2.3:h:gotrango:giga:-
-
cpe:2.3:h:gotrango:giga_lynx:-
-
cpe:2.3:h:gotrango:giga_orion:-
-
cpe:2.3:h:gotrango:giga_plus:-
-
cpe:2.3:h:gotrango:giga_pro:-
-
cpe:2.3:h:gotrango:stratalink:-
-
cpe:2.3:h:gotrango:stratalink_pro:-
-
cpe:2.3:o:gotrango:apex_firmware:2.1.1
-
cpe:2.3:o:gotrango:apex_lynx_firmware:1.2.3
-
cpe:2.3:o:gotrango:apex_orion_firmware:1.2.3
-
cpe:2.3:o:gotrango:apex_plus_firmware:3.2.0
-
cpe:2.3:o:gotrango:giga_firmware:2.6.1
-
cpe:2.3:o:gotrango:giga_lynx_firmware:1.2.3
-
cpe:2.3:o:gotrango:giga_orion_firmware:1.2.3
-
cpe:2.3:o:gotrango:giga_plus_firmware:3.2.3
-
cpe:2.3:o:gotrango:giga_pro_firmware:1.4.1
-
cpe:2.3:o:gotrango:stratalink_firmware:2.2.0
-
cpe:2.3:o:gotrango:stratalink_pro_firmware:-