Ceragon FibeAir IP-10 wireless radios contain a hidden user account with a default password set by the vendor. This user can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device’s settings. However, when using SSH,…
Mimosa Client (e.g. C5) and Backhaul (e.g. B5) models (<2.2.4) are vulnerable to multiple vulnerabilities, including local file disclosure, remote command execution (RCE), information leakage, and denial-of-service (DoS) vulnerabilities.All vulnerabilities below affect versions <2.2.3, except for the last one (authenticated RCE…
DragonWave Horizon wireless radios have hard-coded login credentials meant to allow the vendor to access the devices.It affects version 1.01.03, but I am unable to determine exactly which version contains the fix for this vulnerability. The vendor has confirmed that this vulnerability is fixed in the latest…
Trango Altum AC600′s have a default root login that is accessible via both SSH and telnet by default. Logging in as root on this device gives you access to a Linux shell, granting you full control over the device.One of our Trango Altum AC600′s was infected by…
Siklu EtherHaul devices are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows an attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.Siklu EtherHaul devices (wireless point-to-point radios) have a feature in the web interface that allows…
tl;dr: Trango devices all have a built-in, hidden root account, with a default password that is the same across many devices and software revisions. This account is accessible via ssh and grants access to the underlying embedded unix OS on the device, allowing full control over it. Recent software…
Vendor:=================www.ceragon.comProduct:======================-FibeAir IP-10 (<7.2.0)Vulnerability Type:===================Authentication BypassVulnerability Details:=====================Ceragon FibeAir IP-10 devices do not properly ensure that a user has authenticated before granting them access to the web interface of the device. The attacker simply needs to add a cookie to their session…
tl;dr: Siklu EtherHaul radios have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both ssh and the device’s web interface and grants access to the underlying embedded Linux OS on the device, allowing full control…