3033 matches found
Hardcoded credentials
On ORing net IAP-420+ with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot...
CVE-2022-3203 ORing net IAP-420(+) Hidden Functionality
On ORing net IAP-420+ with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot...
CVE-2022-3203
The CVE-2022-3203 issue affects ORing Net IAP-420(+) with firmware 2.0m. The root cause is a telnet server that is enabled by default and cannot be permanently disabled, permitting access via LAN/WiFi with hardcoded credentials that reset to defaults on every reboot. This yields an administrative...
PT-2022-21056 · Oring · Oring Net Iap-420
Name of the Vulnerable Software and Affected Versions: ORing net IAP-420+ version 2.0m Description: The issue allows unauthorized access to the device via telnet, using hardcoded credentials, which provides an administrative shell. These credentials reset to defaults with every reboot, allowing...
Hardcoded credentials
The web app client of TP-Link AX10v1 V1211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attac...
Hardcoded credentials
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interactio...
Hardcoded credentials
FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...
Backdoor.Win32.NTRC MVID-2022-0646 Hardcoded Credential
Discovery / credits: Malvuln - John Page (aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/273fd3f33279cc9c0378a49cf63d7a06.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NTRC Vulnerability: Weak Hardcoded Credentials Family: NTRC Type: PE32 MD5:...
Hardcoded credentials
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication...
Hardcoded credentials
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTHSECRETKEY in /opt/axess/etc/default/axess...
Hardcoded credentials
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APPKEY in /opt/axess/etc/default/axess...
Hardcoded credentials
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/defaultaxess/axess/TR69/Handlers/turbolink/sshkeys/idrsa SSH key...
Hardcoded credentials
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device...
Hardcoded credentials
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device...
Hardcoded credentials
A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for...
Backdoor.Win32.Psychward.b MVID-2022-0645 Hardcoded Credential
Discovery / credits: Malvuln - John Page (aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.b Vulnerability: Weak Hardcoded Credentials Description: The...
Hardcoded credentials
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...
CVE-2022-35413
WAPPLES Web Application Firewall
Hardcoded credentials
bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the Android client device by default...
Hardcoded credentials
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command...