Solarwinds LEM 6.3.1 Hardcoded Credentials Vulnerability

The Postgres database on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has default hardcoded credentials. While some security measures were taken to ensure that network connectivity to the Postgres database wouldn't be possible using IPv4, the same measures were not taken for...

Hardcoded credentials

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Solarwinds LEM Database Listener with Hardcoded Credentials

Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-284: Improper Access Control Impact: Remote Database Compromise Attack...

Solarwinds LEM 6.3.1 Hardcoded Credentials

KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials Title: Solarwinds LEM Database Listener with Hardcoded Credentials Advisory ID: KL-001-2017-009 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-009.txt 1...

Hardcoded credentials

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key a long string beginning with Ei2HNryt. This affects the 1.1.2 Build 20141017 Rel.50749 firmware...

Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability

Talos Vulnerability Report TALOS-2017-0231 Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability April 21, 2017 Report ID CVE-2016-8717 Summary An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The devic...

DragonWave Horizon Hardcoded Credentials Vulnerability

DragonWave Horizon is a carrier-grade point-to-point packet microwave system from DragonWave Canada. The system provides the capability to transmit broadband voice, video and data. A security vulnerability exists in DragonWave Horizon version 1.01.03 that originates from the device's use of...

SedSystems D3 Decimator Default Credentials / File Disclosure

SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to this device it will announce itself with "connected" or...

SedSystems D3 Decimator - Multiple Vulnerabilities

Exploit for multiple platform in category web applications SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to...

Hardcoded credentials

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation...

CVE-2017-7576

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...

Hardcoded credentials

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...

CVE-2017-7576

CVE-2017-7576 affects DragonWave Horizon 1.01.03 wireless radios, where hardcoded credentials (e.g., energetic/ wireless) grant access via web interface or TELNET. The root cause is embedded default credentials that bypass authentication, enabling unauthorized device access. Documents from multip...

Hardcoded credentials

Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...

Hardcoded credentials

Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH...

Hardcoded credentials

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an...

SICUNET Access Controller Multiple Vulnerabilities

SICUNET Access Controller is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Hardcoded credentials

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account...

Hardcoded credentials

An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password...

NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution

NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution !/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...