PT-2016-3208 · Trango · Trango Stratalink+4

Published: 2016-10-07 · Updated: 2021-05-05 · CVE-2016-10307

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Trango ApexLynx version 2.0
Trango ApexOrion version 2.0
Trango GigaLynx version 2.0
Trango GigaOrion version 2.0
Trango StrataLink version 3.0
Description

The issue concerns a built-in, hidden root account with a default password, reachable over SSH and/or Telnet, which grants full control of the embedded UNIX operating system on the device. A remote attacker who connects over SSH or Telnet can therefore obtain administrative access to the device's operating system.
Recommendations

For Trango ApexLynx version 2.0, consider disabling the root account or changing the default password to prevent exploitation.
For Trango ApexOrion version 2.0, restrict access to the device via SSH and Telnet to minimize the risk of exploitation.
For Trango GigaLynx version 2.0, avoid using the default password for the root account until a patch is available.
For Trango GigaOrion version 2.0, limit access to the device's operating system to prevent unauthorized access.
For Trango StrataLink version 3.0, disable the root account or change the default password to prevent exploitation.
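Until the root account is disabled or its password changed, the practical detection signal for this issue is a successful root login on a radio over SSH or Telnet. The script below is an added example written for this advisory, not code from Positive Technologies or Trango: it parses syslog-style login records and flags root logins that are outside an approved management network (SSH) or that arrive over cleartext Telnet at all. The log line layout, the telnetd message shape and the management network 10.10.0.0/24 are assumptions, and the sample lines are constructed, because the page gives no device log format.

```python
"""Flag root logins on Trango radios that point at use of the hidden account.

Added example for advisory PT-2016-3208. Log formats and the management
network are assumptions; sample log lines are constructed, not captured.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed management network: any root SSH login from outside it is suspicious.
MANAGEMENT_NETS = [ipaddress.ip_network("10.10.0.0/24")]

# Assumed syslog layout: "Mon DD HH:MM:SS host proc[pid]: message".
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>\w+)\[\d+\]: (?P<msg>.*)$"
)
# Successful-login message shapes (OpenSSH-style for sshd; constructed for telnetd).
SSH_OK_RE = re.compile(r"^Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+) port \d+")
TELNET_OK_RE = re.compile(r"^login from (?P<ip>\S+) as (?P<user>\S+)")


@dataclass
class RootLogin:
    host: str      # device that accepted the login
    service: str   # "ssh" or "telnet"
    src_ip: str    # where the session came from
    reason: str    # why it was flagged
    line: str      # raw log line, kept for the analyst


def parse_login(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Return (host, service, user, src_ip) for a successful login line, else None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    proc, msg = m.group("proc"), m.group("msg")
    if proc == "sshd":
        ok, service = SSH_OK_RE.match(msg), "ssh"
    elif proc == "telnetd":
        ok, service = TELNET_OK_RE.match(msg), "telnet"
    else:
        return None
    if not ok:
        return None  # failed attempts and other messages are not logins
    return m.group("host"), service, ok.group("user"), ok.group("ip")


def is_management(ip: str) -> bool:
    """True if ip lies inside one of the approved management networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable source address: treat as untrusted
    return any(addr in net for net in MANAGEMENT_NETS)


def find_suspect_root_logins(lines: List[str]) -> List[RootLogin]:
    """Return root logins that should be reviewed, in log order."""
    hits: List[RootLogin] = []
    for line in lines:
        parsed = parse_login(line)
        if parsed is None:
            continue
        host, service, user, ip = parsed
        if user != "root":
            continue
        # Telnet sends the password in cleartext, so a root login over it is
        # flagged wherever it came from; SSH root logins are flagged only when
        # the source lies outside the management network.
        if service == "telnet":
            reason = "root login over cleartext telnet"
        elif not is_management(ip):
            reason = "root login over ssh from outside management network"
        else:
            continue
        hits.append(RootLogin(host, service, ip, reason, line))
    return hits


# Constructed sample log lines (not captured from a real device).
SAMPLE_LOGS = [
    "Oct  7 09:12:01 stratalink-1 sshd[512]: Accepted password for admin from 10.10.0.5 port 50122 ssh2",
    "Oct  7 09:15:44 stratalink-1 sshd[519]: Accepted password for root from 203.0.113.77 port 41022 ssh2",
    "Oct  7 09:16:02 gigalynx-2 sshd[77]: Accepted password for root from 10.10.0.9 port 40110 ssh2",
    "Oct  7 09:20:13 apexorion-3 telnetd[91]: login from 198.51.100.23 as root",
    "Oct  7 09:21:00 stratalink-1 sshd[530]: Failed password for root from 203.0.113.77 port 41030 ssh2",
]

if __name__ == "__main__":
    for hit in find_suspect_root_logins(SAMPLE_LOGS):
        print(f"{hit.host}: {hit.reason} from {hit.src_ip}")
```

Run against the constructed sample, the script reports two events: the SSH root login to stratalink-1 from 203.0.113.77 and the Telnet root login to apexorion-3; the root login from inside 10.10.0.0/24 and the failed attempt are left alone. In practice the management network list should match the radios' actual out-of-band network, and hits should be correlated with change tickets, since any root session on these models is either an administrator using the hidden account or an attacker doing the same.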

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2017-02501
CVE-2016-10307

Affected Products

Trango ApexLynx
Trango ApexOrion
Trango GigaLynx
Trango GigaOrion
Trango StrataLink