Full Disclosure mailing list archives
DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions)
From: Ian Ling <iancling () gmail com>
Date: Thu, 6 Apr 2017 14:01:03 -0700
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/159276197313

Vendor:
=================
http://www.dragonwaveinc.com/

Product:
======================
-DragonWave Horizon

Vulnerability Details:
=====================
DragonWave Horizon wireless radios have hard-coded login credentials meant to allow the vendor to access the devices. These credentials can be used via both Telnet and the web interface. Vendor confirmed that this vulnerability is fixed in the latest software version. It is unknown which version specifically contained the fix.

Affected versions:
-1.01.03
-Possibly others

Impact:
The remote attacker can view plaintext admin credentials, as well as make configuration changes to the device.

Disclosure Timeline:
===================================
Vendor Notification: March 29, 2017
Vendor Response: March 30, 2017
Public Disclosure: April 6, 2017

Exploitation Technique:
=======================
Remote

Severity Level:
================
Critical

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/