下面是原始网页http://seclists.org/fulldisclosure/2017/Apr/39的快照。安全客与该网页作者无关,不对其内容负责。 刷新快照
Full Disclosure: DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions)
Home page logo

Full Disclosure mailing list archives

DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions)
From: Ian Ling <iancling () gmail com>
Date: Thu, 6 Apr 2017 14:01:03 -0700

[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/159276197313

Vendor:
=================
http://www.dragonwaveinc.com/

Product:
======================
-DragonWave Horizon

Vulnerability Details:
=====================

DragonWave Horizon wireless radios have hard-coded login credentials meant
to allow the vendor to access the devices. These credentials can be used
via both Telnet and the web interface.

Vendor confirmed that this vulnerability is fixed in the latest software
version. It is unknown which version specifically contained the fix.

Affected versions:
-1.01.03
-Possibly others

Impact:
The remote attacker can view plaintext admin credentials, as well as make
configuration changes to the device.


Disclosure Timeline:
===================================
Vendor Notification: March 29, 2017
Vendor Response: March 30, 2017
Public Disclosure: April 6, 2017

Exploitation Technique:
=======================
Remote

Severity Level:
================
Critical

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


  By Date           By Thread  

Current thread:
  • DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions) Ian Ling (Apr 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]