Lucene search
K

Trango Systems Backdoor Root Account

🗓️ 12 Nov 2016 00:00:00Reported by Ian LingType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 37 Views

Trango Systems backdoor root account, default password "bakergiga" found on multiple devices granting full control to remote attackers

Code
`[+] Credits: Ian Ling  
[+] Website: iancaling.com  
[+] Source: http://blog.iancaling.com/post/153011925478/  
  
Vendor:  
=================  
www.trangosys.com  
  
Products:  
======================  
All models. Newer versions use a different password.  
  
Vulnerability Type:  
===================  
Default Root Account  
  
CVE Reference:  
==============  
N/A  
  
Vulnerability Details:  
=====================  
  
Trango devices all have a built-in, hidden root account, with a default   
password that is the same across many devices and software revisions.   
This account is accessible via ssh and grants access to the underlying   
embedded unix OS on the device, allowing full control over it. Recent   
software updates for some models have changed this password, but have   
not removed this backdoor. See source above for details on how the   
password was found.  
  
The particular password I found is 9 characters, all lowercase, no   
numbers: "bakergiga"  
Their support team informed me that there is a different password on   
newer devices.  
  
The password I found works on the following devices:  
  
-Apex <= 2.1.1 (latest)  
-ApexLynx < 2.0  
-ApexOrion < 2.0  
-ApexPlus <= 3.2.0 (latest)  
-Giga <= 2.6.1 (latest)  
-GigaLynx < 2.0  
-GigaOrion < 2.0  
-GigaPlus <= 3.2.3 (latest)  
-GigaPro <= 1.4.1 (latest)  
-StrataLink < 3.0  
-StrataPro - all versions?  
  
Impact:  
The remote attacker has full control over the device, including shell   
access. This can lead to packet sniffing and tampering, bricking the   
device, and use in botnets.  
  
  
Disclosure Timeline:  
===================================  
Vendor Notification: October 7, 2016  
Public Disclosure: November 10, 2016  
  
Exploitation Technique:  
=======================  
Remote  
  
Severity Level:  
================  
Critical  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation