[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/159276197313

Vendor:
=================
http://www.dragonwaveinc.com/

Product:
======================
-DragonWave Horizon

Vulnerability Details:
=====================

DragonWave Horizon wireless radios have hard-coded login credentials meant
to allow the vendor to access the devices. These credentials can be used
via both Telnet and the web interface.

Vendor confirmed that this vulnerability is fixed in the latest software
version. It is unknown which version specifically contained the fix.

Affected versions:
-1.01.03
-Possibly others

Impact:
The remote attacker can view plaintext admin credentials, as well as make
configuration changes to the device.


Disclosure Timeline:
===================================
Vendor Notification: March 29, 2017
Vendor Response: March 30, 2017
Public Disclosure: April 6, 2017

Exploitation Technique:
=======================
Remote

Severity Level:
================
Critical