Search criteria
2 vulnerabilities found for stratalink by gotrango
VAR-201703-0102
Vulnerability from variot - Updated: 2025-04-20 23:42Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. plural Trango The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Multiple Trango devices are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Prologix Trango Apex Lynx, etc. are all products of UAE Prologix company. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex Lynx Version 2.0, Apex Orion Version 2.0, Giga Lynx Version 2.0, Giga Orion Version 2.0, StrataLink Version 3.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0102",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "giga orion",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.0"
},
{
"model": "stratalink",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "3.0"
},
{
"model": "apex orion",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.0"
},
{
"model": "apex lynx",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.0"
},
{
"model": "giga lynx",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.0"
},
{
"model": "apex lynx",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apex orion",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga lynx",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga orion",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "stratalink",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apex orion",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.0"
},
{
"model": "giga orion",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.0"
},
{
"model": "giga lynx",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.0"
},
{
"model": "stratalink",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "3.0"
},
{
"model": "apex lynx",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.0"
},
{
"model": "systems stratalink",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "3.0"
},
{
"model": "systems gigaorion",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "2.0"
},
{
"model": "systems gigalynx",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "2.0"
},
{
"model": "systems apexorion",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "2.0"
},
{
"model": "systems apexlynx",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "97242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:trango:apex_lynx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:apex_orion_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_lynx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_orion_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:stratalink_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iancaling.",
"sources": [
{
"db": "BID",
"id": "97242"
}
],
"trust": 0.3
},
"cve": "CVE-2016-10307",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-10307",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-89070",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-10307",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-10307",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10307",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-10307",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1392",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-89070",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. plural Trango The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Multiple Trango devices are prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Prologix Trango Apex Lynx, etc. are all products of UAE Prologix company. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex Lynx Version 2.0, Apex Orion Version 2.0, Giga Lynx Version 2.0, Giga Orion Version 2.0, StrataLink Version 3.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10307"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "BID",
"id": "97242"
},
{
"db": "VULHUB",
"id": "VHN-89070"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10307",
"trust": 2.8
},
{
"db": "BID",
"id": "97242",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-89070",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "BID",
"id": "97242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"id": "VAR-201703-0102",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:42:16.117000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://support.trangosys.com/hc/en-us"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97242"
},
{
"trust": 1.7,
"url": "http://blog.iancaling.com/post/153011925478"
},
{
"trust": 1.1,
"url": "http://blog.iancaling.com/post/153011925478/trango-systems-hidden-root-account-vulnerability"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10307"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10307"
},
{
"trust": 0.3,
"url": "https://www.trangosys.com/products/altum-series/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "BID",
"id": "97242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "BID",
"id": "97242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-89070"
},
{
"date": "2017-03-29T00:00:00",
"db": "BID",
"id": "97242"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"date": "2017-03-30T07:59:00.220000",
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-89070"
},
{
"date": "2017-04-04T00:02:00",
"db": "BID",
"id": "97242"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"date": "2021-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Trango Vulnerabilities related to the use of hard-coded credentials in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
],
"trust": 0.6
}
}
VAR-201703-0100
Vulnerability from variot - Updated: 2025-04-20 23:25Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. plural Trango The product contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. Prologix Trango Apex Lynx, etc. are all products of UAE Prologix company. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex 2.1.1 and prior; Apex Lynx 2.0 and prior; Apex Orion 2.0 and prior; ApexPlus 3.2.0 and prior; Giga 2.6.1 and prior; Giga Lynx 2.0 and earlier; Giga Orion 2.0 and earlier; GigaPlus 3.2.3 and earlier; GigaPro 1.4.1 and earlier; StrataLink 3.0 and earlier; StrataPro
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0100",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "apex plus",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "3.2.0"
},
{
"model": "giga pro",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.4.1"
},
{
"model": "stratalink",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.2.0"
},
{
"model": "giga plus",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "3.2.3"
},
{
"model": "giga lynx",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.2.3"
},
{
"model": "giga",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.6.1"
},
{
"model": "apex orion",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.2.3"
},
{
"model": "giga orion",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.2.3"
},
{
"model": "apex lynx",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.2.3"
},
{
"model": "stratalink pro",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": null
},
{
"model": "apex",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.1.1"
},
{
"model": "apex lynx",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apex orion",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apex",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apexplus",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga lynx",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga orion",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga plus",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga pro",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "stratalink pro",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "stratalink",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga plus",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "3.2.3"
},
{
"model": "apex orion",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.2.3"
},
{
"model": "giga orion",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.2.3"
},
{
"model": "giga lynx",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.2.3"
},
{
"model": "stratalink pro",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": null
},
{
"model": "stratalink",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.2.0"
},
{
"model": "giga pro",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.4.1"
},
{
"model": "apex lynx",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.2.3"
},
{
"model": "apex",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.1.1"
},
{
"model": "giga",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.6.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:trango:apex_lynx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:apex_orion_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:apex_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:apex_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_lynx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_orion_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:stratalink_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:stratalink_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
}
]
},
"cve": "CVE-2016-10305",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-10305",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-89068",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-10305",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-10305",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10305",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-10305",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1394",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-89068",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trango Apex \u003c= 2.1.1, ApexLynx \u003c 2.0, ApexOrion \u003c 2.0, ApexPlus \u003c= 3.2.0, Giga \u003c= 2.6.1, GigaLynx \u003c 2.0, GigaOrion \u003c 2.0, GigaPlus \u003c= 3.2.3, GigaPro \u003c= 1.4.1, StrataLink \u003c 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. plural Trango The product contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. Prologix Trango Apex Lynx, etc. are all products of UAE Prologix company. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex 2.1.1 and prior; Apex Lynx 2.0 and prior; Apex Orion 2.0 and prior; ApexPlus 3.2.0 and prior; Giga 2.6.1 and prior; Giga Lynx 2.0 and earlier; Giga Orion 2.0 and earlier; GigaPlus 3.2.3 and earlier; GigaPro 1.4.1 and earlier; StrataLink 3.0 and earlier; StrataPro",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10305"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "VULHUB",
"id": "VHN-89068"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10305",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-89068",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"id": "VAR-201703-0100",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:25:06.492000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://support.trangosys.com/hc/en-us"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://blog.iancaling.com/post/153011925478"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10305"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10305"
},
{
"trust": 0.8,
"url": "http://blog.iancaling.com/post/153011925478/trango-systems-hidden-root-account-vulnerability"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-89068"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"date": "2017-03-30T07:59:00.143000",
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-89068"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"date": "2021-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Trango Vulnerability in using hard-coded credentials in product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
],
"trust": 0.6
}
}