what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Trango Systems Backdoor Root Account

Trango Systems Backdoor Root Account
Posted Nov 12, 2016
Authored by Ian Ling

Trango devices all have a built-in, hidden root account, with a default password that is the same across many devices and software revisions. This account is accessible via ssh and grants access to the underlying embedded unix OS on the device, allowing full control over it. Recent software updates for some models have changed this password, but have not removed this backdoor.

tags | exploit, root
systems | unix
SHA-256 | 986abf819296c00b665c64e80363c5675da033cc02cc865611fe61a308c341d2

Trango Systems Backdoor Root Account

Change Mirror Download
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/153011925478/

Vendor:
=================
www.trangosys.com

Products:
======================
All models. Newer versions use a different password.

Vulnerability Type:
===================
Default Root Account

CVE Reference:
==============
N/A

Vulnerability Details:
=====================

Trango devices all have a built-in, hidden root account, with a default
password that is the same across many devices and software revisions.
This account is accessible via ssh and grants access to the underlying
embedded unix OS on the device, allowing full control over it. Recent
software updates for some models have changed this password, but have
not removed this backdoor. See source above for details on how the
password was found.

The particular password I found is 9 characters, all lowercase, no
numbers: "bakergiga"
Their support team informed me that there is a different password on
newer devices.

The password I found works on the following devices:

-Apex <= 2.1.1 (latest)
-ApexLynx < 2.0
-ApexOrion < 2.0
-ApexPlus <= 3.2.0 (latest)
-Giga <= 2.6.1 (latest)
-GigaLynx < 2.0
-GigaOrion < 2.0
-GigaPlus <= 3.2.3 (latest)
-GigaPro <= 1.4.1 (latest)
-StrataLink < 3.0
-StrataPro - all versions?

Impact:
The remote attacker has full control over the device, including shell
access. This can lead to packet sniffing and tampering, bricking the
device, and use in botnets.


Disclosure Timeline:
===================================
Vendor Notification: October 7, 2016
Public Disclosure: November 10, 2016

Exploitation Technique:
=======================
Remote

Severity Level:
================
Critical


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close