1137 matches found
CVE-2025-31649
CVE-2025-31649: Dell ControlVault WBDI Driver hard-coded password vulnerability in ControlVault3 prior to 5.15.14.19 and ControlVault3 Plus prior to 6.2.36.47. A specially crafted API call can lead to execution of privileged operations. TALOS confirms vulnerable versions (e.g., 5.14.3.0) and the ...
Dell ControlVault3和Dell ControlVault3 Plus 安全漏洞
Dell ControlVault3 and Dell ControlVault3 Plus are both hardware-based security solutions from Dell USA. A security vulnerability exists in Dell ControlVault3 versions prior to 5.15.14.19 and Dell ControlVault3 Plus versions prior to 6.2.36.47, which stems from a hard-coded password vulnerability...
PT-2025-47226
Name of the Vulnerable Software and Affected Versions Dell ControlVault3 versions prior to 5.15.14.19 Dell ControlVault3 Plus versions prior to 6.2.36.47 Description A hard-coded password exists within the ControlVault WBDI Driver functionality. An attacker can exploit this by issuing a specially...
Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability
Talos Vulnerability Report TALOS-2025-2173 Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability November 17, 2025 CVE Number CVE-2025-31649 SUMMARY A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 5.14.3.0. A...
CVE-2025-12676
CVE-2025-12676 concerns KiotViet Sync for WordPress (versions up to 1.8.5). According to multiple sources, the root cause is a hard-coded password used for authentication inside QueryControllerAdmin::authenticated, enabling unauthenticated attackers to create and sync products. Public details con...
CVE-2025-12676 KiotViet Sync <= 1.8.5 - Use of Hard-coded Password to Authorization Bypass
The KiotViet Sync plugin for WordPress is vulnerable to authorizarion bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the QueryControllerAdmin::authenticated function. This makes it possible for unauthenticated attacke...
WordPress plugin KiotViet Sync 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
EUVD-2025-34787
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
H3C Magic M安全漏洞
H3C Magic M is a series of wireless routers from China's Xinhua San H3C. A security vulnerability exists in H3C Magic M. The vulnerability stems from the use of hard-coded weak passwords or unset passwords in the firmware, which could allow an attacker to gain maximum root privileges via Telnet...
CVE-2025-61330
CVE-2025-61330 affects H3C Magic-branded devices. The root cause is a hard-coded weak password (or no password) for the root account in /etc/shadow, with Telnet enabled by default or user-enabled, and Virtual Servers exposing devices to the public network. This enables remote attacker access to r...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
CVE-2025-11666
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...
CVE-2025-11649
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have hig...
EUVD-2025-34055
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...
CVE-2025-11666
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...
CVE-2025-11666 Tenda RP3 Pro Firmware Update force_upgrade.sh hard-coded password
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...
CVE-2025-11666
CVE-2025-11666 affects Tenda RP3 Pro firmware up to version 22.5.7.93. The vulnerability resides in the Firmware Update Handler’s force_upgrade.sh, where manipulating the current_force_upgrade_pwd argument can trigger use of a hard-coded password. Local attack required. Public exploit exists. Rem...