93 matches found
CVE-2020-14510
GateManager (Secomea) VPN server is affected by CVE-2020-14510 due to a hard-coded telnet credential, allowing an unprivileged attacker to execute commands as root. Affected: GateManager versions prior to 9.2c. Mitigation/remediation: update to 9.2c (or newer, per advisories) and apply provided p...
CVE-2020-14510 OFF-BY-ONE ERROR CWE-193
GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root...
CVE-2020-10988
A hard-coded telnet credential in the tendalogin binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device...
CVE-2020-10988
A hard-coded telnet credential in the tendalogin binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device...
CVE-2018-5560 Guardzilla All-In-One Video Security System Hard-Coded Credential
A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device...
Guardzilla Home Cameras Open to Anyone Wanting to Watch Their Footage
Another day, another internet of things IoT issue: A design flaw in the Guardzilla home video surveillance system has been discovered that allows users to watch other homeowners’ Guardzilla videos. The Guardzilla All-In-One Video Security System is a home security platform that provides indoor...
Schneider Electric Pelco Digital Sentry Video Management System Vulnerability
OVERVIEW Schneider Electric has identified a hard-coded credential vulnerability in Schneider Electric’s Pelco Digital Sentry Video Management System. Schneider Electric has produced a new firmware version to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED...
CVE-2017-11743
MEDHOST Connex (CVE-2017-11743) contains a hard-coded Mirth Connect admin credential ($K8t1ng) used for customer management access. The admin password is plaintext and identical across all installations, created during Connex install, with no option for customers to change it. A remote attacker a...
CVE-2017-11743
MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensiti...
GE MultiLink Series Hard-coded Credential Vulnerability
OVERVIEW GE has identified a hard-coded credential vulnerability in GE’s MultiLink series managed switches. GE has produced new firmware versions to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following MultiLink products are affected: GE ML8...
Schneider Electric Modicon M340 PLC Station P34 Module HMI Vulnerabilities
Update Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON. The Industrial Control System Cyber Emergency Response Team ICS-CERT released an alert late last week and patches are currently being validated according to ICS-CE...
EasyIO-30P-SF Hard-Coded Credential Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on August 25, 2015, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified a hard-coded credential vulnerability in the EasyIO-30P-SF controller. EasyIO has produced a...
ORing Industrial Networking IDS-5042/5042+ Hard-Coded Credential Vulnerability
Overview Independent researcher Reid Wightman of Digital BondKorenix and ORing Use Crypto, http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity/, Web site last accessed September 19, 2012. identified hard-coded credentials in the operating system of the ORing Industrial DIN-Rail...