VAR-201703-0101
Vulnerability from variot - Updated: 2025-04-20 23:20Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. Trango Altum AC600 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The TrangoAltumAC600 is an access point and client device for wireless Ethernet bridging applications and outdoor Wi-Fi/hotspot deployments at TrangoSystems, USA. Trango Altum AC600 Devices are prone to an insecure default-password vulnerability. This may aid in further attacks. All Trango Altum AC600 Devices are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a600",
"scope": "eq",
"trust": 1.6,
"vendor": "trango",
"version": null
},
{
"model": "systems altum ac600",
"scope": "eq",
"trust": 0.9,
"vendor": "trango",
"version": "0"
},
{
"model": "altum a600",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "BID",
"id": "97241"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
},
{
"db": "NVD",
"id": "CVE-2016-10306"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:trango:a600_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iancaling.",
"sources": [
{
"db": "BID",
"id": "97241"
}
],
"trust": 0.3
},
"cve": "CVE-2016-10306",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-10306",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-04550",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-89069",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-10306",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10306",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-10306",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-04550",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1393",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-89069",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "VULHUB",
"id": "VHN-89069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
},
{
"db": "NVD",
"id": "CVE-2016-10306"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. Trango Altum AC600 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The TrangoAltumAC600 is an access point and client device for wireless Ethernet bridging applications and outdoor Wi-Fi/hotspot deployments at TrangoSystems, USA. Trango Altum AC600 Devices are prone to an insecure default-password vulnerability. This may aid in further attacks. \nAll Trango Altum AC600 Devices are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10306"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "BID",
"id": "97241"
},
{
"db": "VULHUB",
"id": "VHN-89069"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10306",
"trust": 3.4
},
{
"db": "BID",
"id": "97241",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1393",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04550",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-89069",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "VULHUB",
"id": "VHN-89069"
},
{
"db": "BID",
"id": "97241"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
},
{
"db": "NVD",
"id": "CVE-2016-10306"
}
]
},
"id": "VAR-201703-0101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "VULHUB",
"id": "VHN-89069"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
}
]
},
"last_update_date": "2025-04-20T23:20:05.716000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Altum Series DATASHEET",
"trust": 0.8,
"url": "https://www.trangosys.com/support/documents/datasheets/Altum-AC-Datasheet.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "NVD",
"id": "CVE-2016-10306"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97241"
},
{
"trust": 1.7,
"url": "http://blog.iancaling.com/post/153011925478"
},
{
"trust": 1.7,
"url": "http://blog.iancaling.com/post/155395764003"
},
{
"trust": 1.1,
"url": "http://blog.iancaling.com/post/155395764003/trango-altum-ac600-default-root-login"
},
{
"trust": 1.1,
"url": "http://blog.iancaling.com/post/153011925478/trango-systems-hidden-root-account-vulnerability"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10306"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10306"
},
{
"trust": 0.3,
"url": "https://www.trangosys.com/products/altum-series/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "VULHUB",
"id": "VHN-89069"
},
{
"db": "BID",
"id": "97241"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
},
{
"db": "NVD",
"id": "CVE-2016-10306"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"db": "VULHUB",
"id": "VHN-89069"
},
{
"db": "BID",
"id": "97241"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
},
{
"db": "NVD",
"id": "CVE-2016-10306"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"date": "2017-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-89069"
},
{
"date": "2017-03-29T00:00:00",
"db": "BID",
"id": "97241"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1393"
},
{
"date": "2017-03-30T07:59:00.190000",
"db": "NVD",
"id": "CVE-2016-10306"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04550"
},
{
"date": "2017-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-89069"
},
{
"date": "2017-04-04T00:02:00",
"db": "BID",
"id": "97241"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008189"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1393"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10306"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trango Altum AC600 Vulnerabilities related to the use of hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008189"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1393"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…