Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions)

From: Ian Ling <iancling () gmail com>
Date: Thu, 6 Apr 2017 14:01:03 -0700
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/159276197313

Vendor:
=================
http://www.dragonwaveinc.com/

Product:
======================
-DragonWave Horizon

Vulnerability Details:
=====================

DragonWave Horizon wireless radios have hard-coded login credentials meant
to allow the vendor to access the devices. These credentials can be used
via both Telnet and the web interface.

Vendor confirmed that this vulnerability is fixed in the latest software
version. It is unknown which version specifically contained the fix.

Affected versions:
-1.01.03
-Possibly others

Impact:
The remote attacker can view plaintext admin credentials, as well as make
configuration changes to the device.


Disclosure Timeline:
===================================
Vendor Notification: March 29, 2017
Vendor Response: March 30, 2017
Public Disclosure: April 6, 2017

Exploitation Technique:
=======================
Remote

Severity Level:
================
Critical

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: