Lucene search
K

137 matches found

ATTACKERKB
ATTACKERKB
added 2023/11/17 6:15 a.m.3 views

CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...

5.3CVSS6AI score0.00685EPSS
Exploits0References8
OSV
OSV
added 2023/11/17 6:15 a.m.4 views

DEBIAN-CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...

5.3CVSS5.7AI score0.00685EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/17 12:0 a.m.5 views

openNDS Security Vulnerabilities

openNDS is a high-performance, small footprint portal system from openNDS open source. A security vulnerability exists in versions prior to openNDS 10.1.2 that originates from allowing a user to skip the startup page sequence when the default FAS key is used and OpenNDS is configured for FAS...

5.3CVSS6.7AI score0.00685EPSS
Exploits0References8
OSV
OSV
added 2023/10/11 1:15 a.m.4 views

CVE-2023-45194

Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 -D/-K/-S/-DK/-DKS/-M/-W firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communicati...

4.3CVSS5.8AI score0.00228EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/02 12:0 a.m.4 views

Deyue Remote Vehicle Management System Code Issue Vulnerability

Deyue Remote Vehicle Management System is a remote vehicle management system. A code issue vulnerability exists in Deyue Remote Vehicle Management System v1.1, which stems from the use of the Shiro framework, which uses a default key that can be deserialized using Shiro to gain system privileges...

8.8CVSS7.4AI score0.0094EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.4 views

ONLYOFFICE 授权问题漏洞

Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in all versions of ONLYOFFICE prior to 2021-11-08 that stems from being affected by incorrect access control. An attacker can use the default JWT signature key to authenticate to the Web...

9.8CVSS8.4AI score0.01707EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/01/23 12:0 a.m.9 views

CVE-2021-43445

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key...

7.2AI score0.01707EPSS
Exploits0References3
NVD
NVD
added 2023/01/05 10:15 p.m.20 views

CVE-2021-40342

In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects FOXMAN-UN product:...

9.8CVSS8.3AI score0.00284EPSS
Exploits0References2
OSV
OSV
added 2023/01/05 10:15 p.m.4 views

CVE-2021-40342

In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects FOXMAN-UN product:...

9.8CVSS5.8AI score0.00284EPSS
Exploits0References2
Prion
Prion
added 2023/01/05 10:15 p.m.17 views

Design/Logic Flaw

In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects FOXMAN-UN product:...

7.5CVSS9.2AI score0.00284EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2023/01/05 9:27 p.m.20 views

CVE-2021-40342 Use of default key for encryption

In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects FOXMAN-UN product:...

7.1CVSS9.5AI score0.00284EPSS
Exploits0References2
CVE
CVE
added 2023/01/05 9:27 p.m.57 views

CVE-2021-40342

CVE-2021-40342 affects Hitachi Energy FOXMAN-UN and UNEM products (FOXMAN-UN R9C–R16A; UNEM R9C–R16A). Root cause: DES encryption uses a default key. Impact: an attacker could obtain sensitive information and gain access to network elements managed by the affected products. Mitigation/remediation...

9.8CVSS8.3AI score0.00284EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2023/01/05 12:0 a.m.6 views

PT-2023-12362 · Unem +1 · Unem +1

Name of the Vulnerable Software and Affected Versions: FOXMAN-UN versions R9C through R16A UNEM versions R9C through R16A Description: The issue affects the DES implementation in the affected product versions, which use a default key for encryption. Successful exploitation allows an attacker to...

9.8CVSS9.2AI score0.00284EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/05 12:0 a.m.6 views

Hitachi FOXMAN-UN 授权问题漏洞

Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Japan. An authorization issue vulnerability exists in Hitachi FOXMAN-UN, which stems from its use of a DES implementation with a default key for encryption that allows an attacker to obtain sensitive information a...

9.8CVSS8.3AI score0.00284EPSS
Exploits0References4
ICS
ICS
added 2023/01/05 12:0 a.m.36 views

Hitachi Energy UNEM

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: UNEM Vulnerabilities: Inadequate Encryption Strength, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information. 2. RISK EVALUATION Successful...

9.8CVSS7.4AI score0.00569EPSS
Exploits0References3
ICS
ICS
added 2023/01/05 12:0 a.m.42 views

Hitachi Energy FOXMAN-UN

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN Vulnerabilities: Inadequate Encryption Strength, Use of Default Cryptographic Key, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive...

9.8CVSS7.4AI score0.00569EPSS
Exploits0References3
OSV
OSV
added 2022/10/25 5:15 p.m.4 views

CVE-2022-35887

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

8.8CVSS5.8AI score0.01252EPSS
Exploits1References1
OSV
OSV
added 2022/10/25 5:15 p.m.5 views

CVE-2022-33207

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...

9.9CVSS6AI score0.04222EPSS
Exploits1References1
OSV
OSV
added 2022/10/25 5:15 p.m.5 views

CVE-2022-33195

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

10CVSS6AI score0.03244EPSS
Exploits1References1
OSV
OSV
added 2022/10/25 5:15 p.m.4 views

CVE-2022-33206

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...

9.9CVSS6AI score0.04183EPSS
Exploits1References1
Rows per page
Query Builder