Orange Aliyun OSS credentials suffer from information leakage vulnerability

Orange APP is an erotic community app. AliCloud Object Storage ServiceObject Storage Service, or OSS for short, is a massive, secure and highly reliable cloud storage service provided by AliCloud to the public. There is an information leakage vulnerability in the Orange Aliyun OSS credentials. Th...

Philips' DoseWise Portal Hardcoding Vulnerability

Philips' DoseWise Portal is a web-based reporting and tracking tool for radiation exposure. A hard-coded vulnerability exists in Philips' DoseWise Portal. An attacker exploiting this vulnerability would first require elevated privileges in order for the attacker to access web application back-end...

Hardcoded credentials

DISPUTED An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same...

Hardcoded credentials

MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service...

Two Popular IP Cameras Riddled With Vulnerabilities

Two consumer-grade IP-enabled security cameras manufactured by Loftek and VStartcam are riddled with nearly two dozen vulnerabilities that expose them to remote attacks. According to researchers, more than 1.3 million of the cameras are in use today, with 200,000 models located in the United...

CVE-2017-2280

WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

CVE-2017-2283

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

Hardcoded credentials

WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

Hardcoded credentials

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

CVE-2017-2280

WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

CVE-2017-2283

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

CVE-2017-2280

The CVE-2017-2280 entry affects I-O DATA WN-AX1167GR devices with firmware 3.00 and earlier. The root cause is hardcoded credentials embedded in the firmware, which may allow an attacker who can access the device to execute arbitrary code on the device. Documented impact is that an authenticated ...

CVE-2017-2283

CVE-2017-2283 affects I-O DATA WN-G300R3 (and WN-G300R31) wireless routers. Firmware 1.0.2 and earlier contains hard-coded credentials (CWE-798), which may allow an attacker with network access to the device to execute arbitrary code. Affected devices and impact are documented in multiple sources...

CVE-2017-2280

WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

CVE-2017-2283

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

Legislation Proposed to Secure Connected IoT Devices

A Senate bill introduced today would prioritize security in connected devices, requiring providers who sell to the U.S. government to implement measures that would have been an impediment to the IoT botnet-fueled attacks against DNS provider Dyn and webhost OVH. The Internet of Things Cybersecuri...

Hardcoded credentials

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user...

Cisco DPC3939 and DPC3941T Comcast Firmware Hardcoding Vulnerability

The Cisco DPC3939 and DPC3941T are both wireless voice gateway products from Cisco USA. comcast is a set of firmware developed by Comcast USA that runs in devices such as gateways and modems. A security vulnerability exists in the Comcast firmware in the Cisco DPC3939 using the...

Hardcoded credentials

MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensiti...

Hardcoded credentials

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST and DPC3941T firmware version DPC39412.5s3PRODsey devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded...