CVE-2016-20026 ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote Code Execution

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP...

CVE-2016-20026

CVE-2016-20026 affects ZKTeco ZKBioSecurity 3.0. The vulnerability stems from hardcoded credentials in the bundled Apache Tomcat server (tomcat-users.xml), which allow unauthenticated access to the manager application and enable uploading malicious WAR archives that execute arbitrary JSP code wit...

PT-2026-25666

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP...

Avantra 安全漏洞

Avantra is a SAP software developed by the Avantra company. Versions of Avantra prior to 25.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of hardcoded credentials, which could allow access to functions that are not properly constrained by ACLs...

CVE-2025-41710

An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges...

Micro Research MR-GM5L-S1和Micro Research MR-GM5A-L1 信任管理问题漏洞

Both Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 are embedded industrial communication module devices produced by the Canadian company Micro Research. Both devices have vulnerabilities related to trust management. These vulnerabilities stem from the use of hardcoded credentials, which...

EUVD-2025-208468

An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges...

EUVD-2025-208467

An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges...

CVE-2025-41710

An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges...

Schneider Electric EcoStruxure IT Data Center Expert 信任管理问题漏洞

Schneider Electric EcoStruxure IT Data Center Expert is an extensible monitoring software developed by Schneider Electric, a French company. It is used to collect, organize, and distribute information about critical devices, providing a comprehensive view of the devices. Schneider Electric...

PT-2026-24184

An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges...

CVE-2026-29119

International Datacasting Corporation IDC SFX Series SuperFlexSFX2100 SatelliteReceiver contains hardcoded and insecure credentials for the admin account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leadi...

CVE-2026-28778

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

CVE-2026-29128 IDC SFX2100 Satellite Receiver bgpd/ospfd/ripd/zebra Config Credential Disclosure via World-Readable Files

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...

EUVD-2026-9374

International Datacasting Corporation IDC SFX Series SuperFlexSFX2100 SatelliteReceiver contains hardcoded and insecure credentials for the admin account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leadi...

EUVD-2026-9373

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

EUVD-2026-9371

International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the monitor account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell,...

CVE-2026-29119

International Datacasting Corporation IDC SFX Series SuperFlexSFX2100 SatelliteReceiver contains hardcoded and insecure credentials for the admin account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leadi...

CVE-2026-28776

International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the monitor account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell,...

CVE-2026-29119 Hardcoded and Insecure Credentials for "Admin" Account providing Telnet Access on IDC SFX2100 Satellite Receiver

International Datacasting Corporation IDC SFX Series SuperFlexSFX2100 SatelliteReceiver contains hardcoded and insecure credentials for the admin account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leadi...