The vulnerability of microprogrammed software in switching equipment such as GigaOrion and GigaLynx, as well as external switching modules like ApexLynx, ApexOrion, and StrataLink, stems from the use of pre-installed user accounts. This allows a malicious individual to gain access to the embedded operating system with administrator privileges.

The vulnerability of microprogrammed switching equipment such as GigaOrion and GigaLynx, as well as external switching modules like ApexLynx, ApexOrion, and StrataLink, is related to the use of a pre-installed root account. Exploiting this vulnerability allows an attacker operating remotely to ga...

Default credentials

Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public but the cleartext value is perhaps not yet public. This account is accessible via SSH and/or TELNET, and...

CVE-2016-10305

The CVE-2016-10305 entry affects Trango devices (Apex series, Giga/Strata lines) with a built-in hidden root account and a default password that was once stored in cleartext in a software update package on a Trango FTP server. This account can be accessed via SSH/TELNET and provides access to the...

CVE-2016-10307

The CVE-2016-10307 entry concerns Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 embedded devices. A built-in hidden root account with a default password is present; the MD5 hash of that password is public, and the cleartext may not be publicly known. This acc...