Hardcoded credentials

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/boardformupdate.php bosubject parameter...

CVE-2019-12327

Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed...

Hardcoded credentials

Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed...

CVE-2019-12327

Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed...

CVE-2019-12327

Summary: CVE-2019-12327 affects Akuvox R50P VoIP phone (version 50.0.6.156). The issue arises from hardcoded credentials, enabling an attacker to access the device via telnet on port 2323. The telnet service cannot be turned off and credentials cannot be changed, per the provided sources. Affecte...

Hardcoded credentials

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local Denial of Service affecting CmdVirth.exe via its LPC port "cmdvrtLPCServerPort". A low privileged local process can connect to this port and send an LPCDATAGRAM, which triggers an Access Violation due to hardcoded NULLs used fo...

Hardcoded credentials

In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATHINFO to the dashboards/ URI...

Hardcoded credentials

main/streams/xpsocket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen'127.0.0.1:80', 443 as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number i.e...

Hardcoded credentials

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...

CVE-2019-3950

Arlo Basestation firmware 1.12.0.127940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to...

CVE-2019-3950

Arlo Basestation firmware 1.12.0.127940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to...

CVE-2019-3950

CVE-2019-3950 affects Arlo Base Station firmware 1.12.0.1_27940 and prior, enabling root access via a hardcoded username/password when the onboard serial interface is available. The UART weakness is reinforced by a hardcoded encryption key, and a second issue (CVE-2019-3950) involves a networking...

Hardcoded credentials

Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation...

Hardcoded credentials

WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote...

CVE-2017-8226

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a...

Hardcoded credentials

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a...

Hardcoded credentials

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the use...

Hardcoded credentials

Linear eMerge E3-Series devices have Hard-coded Credentials...

Hardcoded credentials

Optergy Proton/Enterprise devices have Hard-coded Credentials...

Design/Logic Flaw

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...