One good thing about the Ubiquiti worm(s) is that any network operator who lacked the sense or experience to do so has hopefully fixed things up.
On Sat, Nov 12, 2016 at 7:53 AM, Simon Westlake <[email protected]> wrote: > Hopefully everyone has their management subnets firewalled away from any > unauthorized users.. > > > On 11/12/2016 6:09 AM, Paul Stewart wrote: > > Yikes…. > > > > [+] Credits: Ian Ling > [+] Website: iancaling.com > [+] Source: http://blog.iancaling.com/post/153011925478/ > > Vendor: > ================= > www.trangosys.com > > Products: > ====================== > All models. Newer versions use a different password. > > Vulnerability Type: > =================== > Default Root Account > > CVE Reference: > ============== > N/A > > Vulnerability Details: > ===================== > > Trango devices all have a built-in, hidden root account, with a default > password that is the same across many devices and software revisions. This > account is accessible via ssh and grants access to the underlying embedded > unix OS on the device, allowing full control over it. Recent software > updates for some models have changed this password, but have not removed > this backdoor. See source above for details on how the password was found. > > The particular password I found is 9 characters, all lowercase, no > numbers: "bakergiga" > Their support team informed me that there is a different password on newer > devices. > > The password I found works on the following devices: > > -Apex <= 2.1.1 (latest) > -ApexLynx < 2.0 > -ApexOrion < 2.0 > -ApexPlus <= 3.2.0 (latest) > -Giga <= 2.6.1 (latest) > -GigaLynx < 2.0 > -GigaOrion < 2.0 > -GigaPlus <= 3.2.3 (latest) > -GigaPro <= 1.4.1 (latest) > -StrataLink < 3.0 > -StrataPro - all versions? > > Impact: > The remote attacker has full control over the device, including shell > access. This can lead to packet sniffing and tampering, bricking the > device, and use in botnets. > > > Disclosure Timeline: > =================================== > Vendor Notification: October 7, 2016 > Public Disclosure: November 10, 2016 > > Exploitation Technique: > ======================= > Remote > > Severity Level: > ================ > Critical > > > -- > Simon Westlake > Skype: Simon_Sonar > Email: [email protected] > Phone: (702) 447-1247 > --------------------------- > Sonar Software Inc > The future of ISP billing and OSShttps://sonar.software > >
