In this thrilling sequel to the previous post about trying to block Youtube ads on a TCL Roku TV, I purchased a very cheap Hisense Android TV. The main reason for this was the existence of the Smart Youtube TV app, which blocks ads. Immediately, out of the box, the…
Our TCL Roku TV primarily exists to play Youtube videos. We recently noticed that it plays ads significantly more often than it used to, and much more frequently than our other Youtube viewing devices. The first step I took to block the ads was installing Pi-hole in a Docker container…
Ceragon FibeAir IP-10 wireless radios contain a hidden user account with a default password set by the vendor. This user can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device’s settings. However, when using SSH,…
Mimosa Client (e.g. C5) and Backhaul (e.g. B5) models (<2.2.4) are vulnerable to multiple vulnerabilities, including local file disclosure, remote command execution (RCE), information leakage, and denial-of-service (DoS) vulnerabilities. All vulnerabilities below affect versions <2.2.3, except for the last one (authenticated RCE…
DragonWave Horizon wireless radios have hard-coded login credentials meant to allow the vendor to access the devices. It affects version 1.01.03, but I am unable to determine exactly which version contains the fix for this vulnerability. The vendor has confirmed that this vulnerability is fixed in the latest…
Trango Altum AC600′s have a default root login that is accessible via both SSH and telnet by default. Logging in as root on this device gives you access to a Linux shell, granting you full control over the device. One of our Trango Altum AC600′s was infected by…
Siklu EtherHaul devices are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows an attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication. Siklu EtherHaul devices (wireless point-to-point radios) have a feature in the web interface that allows…
tl;dr: Trango devices all have a built-in, hidden root account, with a default password that is the same across many devices and software revisions. This account is accessible via ssh and grants access to the underlying embedded unix OS on the device, allowing full control over it. Recent software…