VAR-201703-0100
Vulnerability from variot - Updated: 2025-04-20 23:25Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. plural Trango The product contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. Prologix Trango Apex Lynx, etc. are all products of UAE Prologix company. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex 2.1.1 and prior; Apex Lynx 2.0 and prior; Apex Orion 2.0 and prior; ApexPlus 3.2.0 and prior; Giga 2.6.1 and prior; Giga Lynx 2.0 and earlier; Giga Orion 2.0 and earlier; GigaPlus 3.2.3 and earlier; GigaPro 1.4.1 and earlier; StrataLink 3.0 and earlier; StrataPro
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0100",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "apex plus",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "3.2.0"
},
{
"model": "giga pro",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.4.1"
},
{
"model": "stratalink",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.2.0"
},
{
"model": "giga plus",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "3.2.3"
},
{
"model": "giga lynx",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.2.3"
},
{
"model": "giga",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.6.1"
},
{
"model": "apex orion",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.2.3"
},
{
"model": "giga orion",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.2.3"
},
{
"model": "apex lynx",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "1.2.3"
},
{
"model": "stratalink pro",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": null
},
{
"model": "apex",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.1.1"
},
{
"model": "apex lynx",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apex orion",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apex",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apexplus",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga lynx",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga orion",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga plus",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga pro",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "stratalink pro",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "stratalink",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga plus",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "3.2.3"
},
{
"model": "apex orion",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.2.3"
},
{
"model": "giga orion",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.2.3"
},
{
"model": "giga lynx",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.2.3"
},
{
"model": "stratalink pro",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": null
},
{
"model": "stratalink",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.2.0"
},
{
"model": "giga pro",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.4.1"
},
{
"model": "apex lynx",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "1.2.3"
},
{
"model": "apex",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.1.1"
},
{
"model": "giga",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.6.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:trango:apex_lynx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:apex_orion_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:apex_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:apex_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_lynx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_orion_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:stratalink_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:stratalink_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
}
]
},
"cve": "CVE-2016-10305",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-10305",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-89068",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-10305",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-10305",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10305",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-10305",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1394",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-89068",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trango Apex \u003c= 2.1.1, ApexLynx \u003c 2.0, ApexOrion \u003c 2.0, ApexPlus \u003c= 3.2.0, Giga \u003c= 2.6.1, GigaLynx \u003c 2.0, GigaOrion \u003c 2.0, GigaPlus \u003c= 3.2.3, GigaPro \u003c= 1.4.1, StrataLink \u003c 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. plural Trango The product contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. Prologix Trango Apex Lynx, etc. are all products of UAE Prologix company. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex 2.1.1 and prior; Apex Lynx 2.0 and prior; Apex Orion 2.0 and prior; ApexPlus 3.2.0 and prior; Giga 2.6.1 and prior; Giga Lynx 2.0 and earlier; Giga Orion 2.0 and earlier; GigaPlus 3.2.3 and earlier; GigaPro 1.4.1 and earlier; StrataLink 3.0 and earlier; StrataPro",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10305"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "VULHUB",
"id": "VHN-89068"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10305",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-89068",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"id": "VAR-201703-0100",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:25:06.492000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://support.trangosys.com/hc/en-us"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://blog.iancaling.com/post/153011925478"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10305"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10305"
},
{
"trust": 0.8,
"url": "http://blog.iancaling.com/post/153011925478/trango-systems-hidden-root-account-vulnerability"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-89068"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"date": "2017-03-30T07:59:00.143000",
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-89068"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008188"
},
{
"date": "2021-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1394"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10305"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Trango Vulnerability in using hard-coded credentials in product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008188"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1394"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…