137 matches found
CVE-2023-38324
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...
DEBIAN-CVE-2023-38324
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...
openNDS Security Vulnerabilities
openNDS is a high-performance, small footprint portal system from openNDS open source. A security vulnerability exists in versions prior to openNDS 10.1.2 that originates from allowing a user to skip the startup page sequence when the default FAS key is used and OpenNDS is configured for FAS...
CVE-2023-45194
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 -D/-K/-S/-DK/-DKS/-M/-W firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communicati...
Deyue Remote Vehicle Management System Code Issue Vulnerability
Deyue Remote Vehicle Management System is a remote vehicle management system. A code issue vulnerability exists in Deyue Remote Vehicle Management System v1.1, which stems from the use of the Shiro framework, which uses a default key that can be deserialized using Shiro to gain system privileges...
ONLYOFFICE 授权问题漏洞
Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in all versions of ONLYOFFICE prior to 2021-11-08 that stems from being affected by incorrect access control. An attacker can use the default JWT signature key to authenticate to the Web...
CVE-2021-43445
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key...
CVE-2021-40342
In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects FOXMAN-UN product:...
CVE-2021-40342
In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects FOXMAN-UN product:...
Design/Logic Flaw
In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects FOXMAN-UN product:...
CVE-2021-40342 Use of default key for encryption
In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects FOXMAN-UN product:...
CVE-2021-40342
CVE-2021-40342 affects Hitachi Energy FOXMAN-UN and UNEM products (FOXMAN-UN R9C–R16A; UNEM R9C–R16A). Root cause: DES encryption uses a default key. Impact: an attacker could obtain sensitive information and gain access to network elements managed by the affected products. Mitigation/remediation...
PT-2023-12362 · Unem +1 · Unem +1
Name of the Vulnerable Software and Affected Versions: FOXMAN-UN versions R9C through R16A UNEM versions R9C through R16A Description: The issue affects the DES implementation in the affected product versions, which use a default key for encryption. Successful exploitation allows an attacker to...
Hitachi FOXMAN-UN 授权问题漏洞
Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Japan. An authorization issue vulnerability exists in Hitachi FOXMAN-UN, which stems from its use of a DES implementation with a default key for encryption that allows an attacker to obtain sensitive information a...
Hitachi Energy UNEM
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: UNEM Vulnerabilities: Inadequate Encryption Strength, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information. 2. RISK EVALUATION Successful...
Hitachi Energy FOXMAN-UN
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN Vulnerabilities: Inadequate Encryption Strength, Use of Default Cryptographic Key, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive...
CVE-2022-35887
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...
CVE-2022-33207
Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...
CVE-2022-33195
Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...
CVE-2022-33206
Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...