mailing list archives
DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions)
From: Ian Ling <iancling () gmail com>
Date: Thu, 6 Apr 2017 14:01:03 -0700
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/159276197313
DragonWave Horizon wireless radios have hard-coded login credentials meant
to allow the vendor to access the devices. These credentials can be used
via both Telnet and the web interface.
Vendor confirmed that this vulnerability is fixed in the latest software
version. It is unknown which version specifically contained the fix.
The remote attacker can view plaintext admin credentials, as well as make
configuration changes to the device.
Vendor Notification: March 29, 2017
Vendor Response: March 30, 2017
Public Disclosure: April 6, 2017
Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/
- DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions) Ian Ling (Apr 07)