Ceragon FibeAir IP-10 versions 7.2.0 and below suffer from a hidden user backdoor vulnerability.
19d0253d67bfd5628b69787c405f7a3c2992c6236010db3ca5711b8a3408d169
Various Mimosa products suffer from denial of service, information leakage, code execution, and file disclosure vulnerabilities.
7a6b33948781fb136bf41b92bc58cc0a1e46942a8f3b19bcf9a9eab576873d05
DragonWave Horizon version 1.01.03 suffers from having hardcoded credentials embedded in the device.
07fb435be21a3d69e7b704cc6f1844bf8bd4a0b4dcbf64c0fbf09ed42effb437
Siklu Etherhaul versions prior to 7.4.0 suffer from an unauthenticated remote command execution vulnerability.
1488db4819cb3d631d5458d8303eb2a66ace7ffc1a16fa5a512858691028f7ce
Trango Altum AC600 suffers from a default root login backdoor vulnerability.
44c364ece0c707809a6bd70b0e278c8be47ae538016c0266fb8f58dba9877a03
Trango devices all have a built-in, hidden root account, with a default password that is the same across many devices and software revisions. This account is accessible via ssh and grants access to the underlying embedded unix OS on the device, allowing full control over it. Recent software updates for some models have changed this password, but have not removed this backdoor.
986abf819296c00b665c64e80363c5675da033cc02cc865611fe61a308c341d2
FibeAir IP-10 devices do not properly ensure that a user has authenticated before granting them access to the web interface of the device. The attacker simply needs to add a cookie to their session named "ALBATROSS" with the value "0-4-11".
ba7a5b7f1fb1761939ce81f563c29620f9f70fcbfab7ade4b67161271701849e