CVE-2015-0936

Ceragon FibeAir IP-10 have a default SSH public key in the authorizedkeys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...

CVE-2015-0936

Ceragon FibeAir IP-10 devices are affected by CVE-2015-0936 due to a static SSH keypair for the mateidu user shipped with the device. The public/private key enables passwordless SSH authentication, allowing remote access to the device if the private key is known. Available connected documents cor...

CVE-2017-9137

Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...

Default credentials

Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...

CVE-2017-9137

Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...

CVE-2017-9137

CVE-2017-9137 affects Ceragon FibeAir IP-10 wireless radios up to version 7.2.0, where the hidden mateidu account has a default password. The mateidu account can be accessed via both the web interface (read-only access) and SSH (Linux shell access), enabling an attacker to reach device settings o...

Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor Vulnerability

Exploit for hardware platform in category web applications + Credits: Ian Ling + Website: iancaling.com + Source: http://blog.iancaling.com/post/160817658078 Vendor: ================= https://www.ceragon.com Products: ====================== Ceragon FibeAir IP-10 =7.2.0 latest version Vulnerabilit...

Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor

Credits: Ian Ling + Website: iancaling.com + Source: http://blog.iancaling.com/post/160817658078 Vendor: ================= https://www.ceragon.com Products: ====================== Ceragon FibeAir IP-10 =7.2.0 latest version Vulnerability Types: =================== Hidden User Backdoor...

Authentication flaw

In the GUI of Ceragon FibeAir IP-10 before 7.2.0 devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser...

CVE-2016-10309

CVE-2016-10309 affects Ceragon FibeAir IP-10 devices with firmware older than 7.2.0. A remote attacker can bypass GUI authentication by sending a browser cookie named ALBATROSS with value 0-4-11, enabling access without credentials. NVD CVSS: 3.0/9.8 (CRITICAL; NETWORK, LOW attack complexity, no ...

Ceragon FibeAir IP-10 - SSH Private Key Exposure Exploit

Exploit for linux platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class MetasploitModule 'Ceragon FibeAir IP-10 SSH Private Key Exposure',...

Ceragon FibeAir IP-10 Authentication Bypass Vulnerability

The Ceragon FibeAir IP-10 is a wireless microwave transmission device from Ceragon Israel. An authentication bypass vulnerability exists in Ceragon FibeAir IP-10 versions prior to 7.2.0, which can be exploited by an attacker to bypass the authentication mechanism and perform unauthorized operatio...

FibeAir IP-10 Authentication Bypass

Credits: Ian Ling + Website: iancaling.com Vendor: ================= www.ceragon.com Product: ====================== -FibeAir IP-10 Vulnerability Type: =================== Default Root Account CVE Reference: ============== N/A Vulnerability Details: ===================== Ceragon FibeAir IP-10...

Ceragon FibeAir IP-10 SSH Private Key Exposure Exploit

This Metasploit module exploits the fact that Ceragon ships a public/private key pair on FibeAir IP-10 devices that allows passwordless authentication to any other IP-10 device. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "mateidu" user...

Ceragon FibeAir IP-10 SSH Private Key Exposure Vulnerability

Ceragon FibeAir IP-10 suffers from an SSH private key exposure vulnerability. Ceragon FibeAir IP-10 SSH Private Key Exposure CVE-2015-0936 Product Description Ceragon produces a series of ruggedized, microwave backhaul devices used to provide connectivity to mobile, IP-based devices; usually, the...

Ceragon FibeAir IP-10 SSH Private Key Exposure

Ceragon FibeAir IP-10 SSH Private Key Exposure CVE-2015-0936 Product Description Ceragon produces a series of ruggedized, microwave backhaul devices used to provide connectivity to mobile, IP-based devices; usually, these devices are found in either large industrial environments, or installed on...

Ceragon FibeAir IP-10 SSH Private Key Exposure

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class Metasploit3 'Ceragon FibeAir IP-10 SSH Private Key Exposure', 'Description' = %q Ceragon ships a public/private key pair on...

Ceragon FibeAir IP-10 SSH Private Key Exposure

Ceragon ships a public/private key pair on FibeAir IP-10 devices that allows passwordless authentication to any other IP-10 device. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "mateidu" user. This module requires Metasploit:...

Ceragon FibeAir IP-10 - SSH Private Key Exposure (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class MetasploitModule 'Ceragon FibeAir IP-10 SSH Private Key Exposure', 'Description' = %q Ceragon ships a public/private key pair o...

Ceragon Networks Microwave Bridges Root Password Discovered

The Department of Homeland security warned users of Ceragon Networks microwave bridges that the devices contain an undocumented root password. The advisory said Ceragon FibeAir IP-10 Microwave Bridges can be accessed remotely. “The root account can be accessed through ssh, telnet, command line...