Vulnerability Details CVE-2016-10307
Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2016-10307
-
cpe:2.3:h:gotrango:apex_lynx:-
-
cpe:2.3:h:gotrango:apex_orion:-
-
cpe:2.3:h:gotrango:giga_lynx:-
-
cpe:2.3:h:gotrango:giga_orion:-
-
cpe:2.3:h:gotrango:stratalink:-
-
cpe:2.3:o:gotrango:apex_lynx_firmware:2.0
-
cpe:2.3:o:gotrango:apex_orion_firmware:2.0
-
cpe:2.3:o:gotrango:giga_lynx_firmware:2.0
-
cpe:2.3:o:gotrango:giga_orion_firmware:2.0
-
cpe:2.3:o:gotrango:stratalink_firmware:2.2.0
-
cpe:2.3:o:gotrango:stratalink_firmware:3.0