DragonWave Horizon version 1.01.03 suffers from having hardcoded credentials embedded in the device.
07fb435be21a3d69e7b704cc6f1844bf8bd4a0b4dcbf64c0fbf09ed42effb437
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/159276197313
Vendor:
=================
http://www.dragonwaveinc.com/
Product:
======================
-DragonWave Horizon
Vulnerability Details:
=====================
DragonWave Horizon wireless radios have hard-coded login credentials meant
to allow the vendor to access the devices. These credentials can be used
via both Telnet and the web interface.
Vendor confirmed that this vulnerability is fixed in the latest software
version. It is unknown which version specifically contained the fix.
Affected versions:
-1.01.03
-Possibly others
Impact:
The remote attacker can view plaintext admin credentials, as well as make
configuration changes to the device.
Disclosure Timeline:
===================================
Vendor Notification: March 29, 2017
Vendor Response: March 30, 2017
Public Disclosure: April 6, 2017
Exploitation Technique:
=======================
Remote
Severity Level:
================
Critical