CVE-2022-29730

CVE-2022-29730 affects USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36. The issue is hard-coded credentials for the highest privileged account (USR user) with password www.usr.cn, which cannot be changed via normal device operation. This credential exposure enables full compromise of the de...

Hardcoded credentials

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS...

Hardcoded credentials

A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials...

Hardcoded credentials

The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed...

Rakuten Mobile Rakuten Casa 信任管理问题漏洞

Rakuten Mobile Rakuten Casa is a small base station from Rakuten Mobile Japan, Inc. A trust management issue vulnerability exists in Rakuten Mobile Rakuten Casa APFV200 and APFV141 versions, which stems from the presence of hard-coded credentials in the application code. An unauthenticated, remot...

Hardcoded credentials

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /webcste/cgi-bin/product.ini...

Hardcoded credentials

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability...

Hardcoded credentials

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

Hardcoded credentials

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages...

Hardcoded credentials

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible...

CVE-2021-34601

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI...

CVE-2021-34601

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI...

Hardcoded credentials

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI...

CVE-2021-34601 Bender Charge Controller: Hardcoded Credentials in Charge Controller

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI...

CVE-2021-34601

CVE-2021-34601 affects Bender ebee Charge Controllers (notably CC612) with hardcoded SSH credentials in version 5.20.1 and earlier, enabling an attacker to gain administrative access to the web UI. Connected sources confirm affected products/versions; no exploitation status or patch details are p...

Backdoor.Win32.Agent.aegg Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/58be35e792476d1c015df7853112d200.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aegg Vulnerability: Weak Hardcoded Credentials Description: The malware listens...

Dell PowerScale OneFS Default Hardcoded Credentials Vulnerability

Dell PowerScale OneFS is a PowerScale OneFS operating system that provides scale-out NAS. Dell PowerScale OneFS has a security vulnerability that could be exploited by a locally authenticated attacker to gain access to the system...

Hardcoded credentials

Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline...

Hardcoded credentials

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:.git, which would be picked up by Git operation...

Hardcoded credentials

An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain...