VAR-201703-0102
Vulnerability from variot - Updated: 2025-04-20 23:42
Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. Multiple Trango products contain a vulnerability related to the use of hard-coded credentials. An attacker may be able to obtain information, alter information, and disrupt service operation (DoS). Multiple Trango devices are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Prologix Trango Apex Lynx, etc. are all products of the UAE company Prologix. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex Lynx Version 2.0, Apex Orion Version 2.0, Giga Lynx Version 2.0, Giga Orion Version 2.0, StrataLink Version 3.0.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0102",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "giga orion",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.0"
},
{
"model": "stratalink",
"scope": "lte",
"trust": 1.0,
"vendor": "gotrango",
"version": "3.0"
},
{
"model": "apex orion",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.0"
},
{
"model": "apex lynx",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.0"
},
{
"model": "giga lynx",
"scope": "eq",
"trust": 1.0,
"vendor": "gotrango",
"version": "2.0"
},
{
"model": "apex lynx",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apex orion",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga lynx",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "giga orion",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "stratalink",
"scope": null,
"trust": 0.8,
"vendor": "trango",
"version": null
},
{
"model": "apex orion",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.0"
},
{
"model": "giga orion",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.0"
},
{
"model": "giga lynx",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.0"
},
{
"model": "stratalink",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "3.0"
},
{
"model": "apex lynx",
"scope": "eq",
"trust": 0.6,
"vendor": "trango",
"version": "2.0"
},
{
"model": "systems stratalink",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "3.0"
},
{
"model": "systems gigaorion",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "2.0"
},
{
"model": "systems gigalynx",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "2.0"
},
{
"model": "systems apexorion",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "2.0"
},
{
"model": "systems apexlynx",
"scope": "eq",
"trust": 0.3,
"vendor": "trango",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "97242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:trango:apex_lynx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:apex_orion_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_lynx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:giga_orion_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trango:stratalink_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iancaling.",
"sources": [
{
"db": "BID",
"id": "97242"
}
],
"trust": 0.3
},
"cve": "CVE-2016-10307",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-10307",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-89070",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-10307",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-10307",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10307",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-10307",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1392",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-89070",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. Multiple Trango products contain a vulnerability related to the use of hard-coded credentials. An attacker may be able to obtain information, alter information, and disrupt service operation (DoS). Multiple Trango devices are prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Prologix Trango Apex Lynx, etc. are all products of the UAE company Prologix. Apex Lynx is an outdoor microwave backhaul system. Apex Orion is a full-duplex point-to-point radio link for use in Apex Lynx. A security vulnerability exists in several Prologix Trango products. The following products and versions are affected: Prologix Trango Apex Lynx Version 2.0, Apex Orion Version 2.0, Giga Lynx Version 2.0, Giga Orion Version 2.0, StrataLink Version 3.0.",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10307"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "BID",
"id": "97242"
},
{
"db": "VULHUB",
"id": "VHN-89070"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10307",
"trust": 2.8
},
{
"db": "BID",
"id": "97242",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-89070",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "BID",
"id": "97242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"id": "VAR-201703-0102",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:42:16.117000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://support.trangosys.com/hc/en-us"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97242"
},
{
"trust": 1.7,
"url": "http://blog.iancaling.com/post/153011925478"
},
{
"trust": 1.1,
"url": "http://blog.iancaling.com/post/153011925478/trango-systems-hidden-root-account-vulnerability"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10307"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10307"
},
{
"trust": 0.3,
"url": "https://www.trangosys.com/products/altum-series/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "BID",
"id": "97242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89070"
},
{
"db": "BID",
"id": "97242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-89070"
},
{
"date": "2017-03-29T00:00:00",
"db": "BID",
"id": "97242"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"date": "2017-03-30T07:59:00.220000",
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-89070"
},
{
"date": "2017-04-04T00:02:00",
"db": "BID",
"id": "97242"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008190"
},
{
"date": "2021-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1392"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10307"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities related to the use of hard-coded credentials in multiple Trango products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008190"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1392"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.