Hardcoded credentials

Cisco NX-OS 6.02U61 through 6.02U65 on Nexus 3000 devices and 6.02A61 through 6.02A65 and 6.02A71 on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a 1 TELNET or 2 SSH session, aka Bug ID CSCuy25800...

CVE-2016-1329

Cisco NX-OS 6.02U61 through 6.02U65 on Nexus 3000 devices and 6.02A61 through 6.02A65 and 6.02A71 on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a 1 TELNET or 2 SSH session, aka Bug ID CSCuy25800...

CVE-2016-1329

CVE-2016-1329 affects Cisco NX-OS on Nexus 3000 (6.0(2)U6(1)–6.0(2)U6(5)) and Nexus 3500 (6.0(2)A6(1)–6.0(2)A6(5), 6.0(2)A7(1)). The root cause is hardcoded/default credentials present in an account created at installation, allowing unauthenticated remote attackers to obtain root privileges via T...

CVE-2016-1329

Cisco NX-OS 6.02U61 through 6.02U65 on Nexus 3000 devices and 6.02A61 through 6.02A65 and 6.02A71 on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a 1 TELNET or 2 SSH session, aka Bug ID CSCuy25800...

CVE-2015-7261

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21...

Hardcoded credentials

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21...

CVE-2015-7261

CVE-2015-7261 affects QNAP iArtist Lite before 1.4.54 (bundled with Signage Station before 2.0.1). The FTP service contains hardcoded credentials, enabling remote access via TCP port 21. Root cause is hard-coded FTP accounts/passwords in iArtist Lite used by Signage Station; impact is unauthorize...

CVE-2015-7261

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21...

Servision HVG Hardcoded Credentials

Hello... Over a year ago I disclosed several vulnerabilities in Servision HVG network video recording devices. CVE-2015-0929 and CVE-2015-0930. https://www.kb.cert.org/vuls/id/522460 Since it's been a while now, and hardcoded backdoor passwords in "security" devices are the current hotness...

Hardcoded credentials

OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session...

Trane ComfortLink II SCC Service Hardcoded Credentials Vulnerability

Talos Vulnerability Report TALOS-2016-0028 Trane ComfortLink II SCC Service Hardcoded Credentials Vulnerability February 8, 2016 CVE Number CVE-2015-2867 Description A design flaw in the Trane ComfortLink II SCC service allows remote attackers to take complete control of the system. During system...

Hardcoded credentials

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area...

Hardcoded credentials

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a 1 SSH or 2 HTTP session, a different vulnerability than CVE-2015-8362...

Hardcoded credentials

Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded 1 root and 2 guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070...

Hardcoded credentials

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a 1 SSH or 2 HTTP session, a different vulnerability than CVE-2016-1984...

SedSystems D3 Decimator - Multiple Vulnerabilities

SedSystems D3 Decimator - Multiple Vulnerabilities SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to this...

SedSystems D3 Decimator - Multiple Vulnerabilities

SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to this device it will announce itself with "connected" or...

Potential backdoor via hardcoded system ID

Application: SAP NetWeaver AS ABAP Vendor URL: http://sap.com Bugs: Hardcoded credentials Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 10.05.2016 Reference: SAP Security Note 2292487 Author: Vahagn VardanyanERPScan VULNERABILITY INFORMATION Class: Hardcoded credential...

Hardcoded credentials

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session...

Hardcoded credentials

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number...