Ceragon FibeAir IP-10 versions 7.2.0 and below suffer from a hidden user backdoor vulnerability.
19d0253d67bfd5628b69787c405f7a3c2992c6236010db3ca5711b8a3408d169Various Mimosa products suffer from denial of service, information leakage, code execution, and file disclosure vulnerabilities.
7a6b33948781fb136bf41b92bc58cc0a1e46942a8f3b19bcf9a9eab576873d05DragonWave Horizon version 1.01.03 suffers from having hardcoded credentials embedded in the device.
07fb435be21a3d69e7b704cc6f1844bf8bd4a0b4dcbf64c0fbf09ed42effb437Siklu Etherhaul versions prior to 7.4.0 suffer from an unauthenticated remote command execution vulnerability.
1488db4819cb3d631d5458d8303eb2a66ace7ffc1a16fa5a512858691028f7ceTrango Altum AC600 suffers from a default root login backdoor vulnerability.
44c364ece0c707809a6bd70b0e278c8be47ae538016c0266fb8f58dba9877a03Trango devices all have a built-in, hidden root account, with a default password that is the same across many devices and software revisions. This account is accessible via ssh and grants access to the underlying embedded unix OS on the device, allowing full control over it. Recent software updates for some models have changed this password, but have not removed this backdoor.
986abf819296c00b665c64e80363c5675da033cc02cc865611fe61a308c341d2FibeAir IP-10 devices do not properly ensure that a user has authenticated before granting them access to the web interface of the device. The attacker simply needs to add a cookie to their session named "ALBATROSS" with the value "0-4-11".
ba7a5b7f1fb1761939ce81f563c29620f9f70fcbfab7ade4b67161271701849e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed