Hardcoded credentials

Basware Banking Maksuliikenne 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to...

Hardcoded credentials

Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface...

Hardcoded credentials

Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...

CVE-2015-2904

Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface...

CVE-2015-2904

CVE-2015-2904 affects Actiontec GT784WN modems with firmware prior to NCS01-1.0.13, where hard-coded credentials allow remote attackers to obtain root access by connecting to the web management interface. Public documents confirm the vulnerability is tied to root-privilege credential exposure and...

CVE-2015-2907

CVE-2015-2907 concerns the Mobile Devices (MDI) C4 OBD-II dongle family (firmware 2.x–3.4.x). The root cause is hard-coded SSH credentials (username/password) that enable remote attackers to gain access to affected devices. Impact described across sources includes unauthorized remote access; CERT...

CVE-2015-2904

Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface...

PT-2015-5968 · Mobile Devices · Mobile Devices C4 Obd-Ii Dongle

Name of the Vulnerable Software and Affected Versions: Mobile Devices aka MDI C4 OBD-II dongles versions 2.x through 3.4.x Description: The issue allows remote attackers to obtain access by leveraging knowledge of the required username and password, due to hardcoded SSH credentials...

Hardcoded credentials

Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive...

Hardcoded credentials

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a 1 SSH or 2 TELNET session...

Hardcoded credentials

GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value...

Hardcoded credentials

GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for 1 Telnet and 2 FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value...

Hardcoded credentials

The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a...

Hardcoded credentials

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of 1 CANal1 for the Administrator user and 2 iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on...

Hardcoded credentials

GE Healthcare Precision MPi has a password of 1 orion for the serviceapp user, 2 orion for the clinical operator user, and 3 PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent ...

Hardcoded credentials

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system o...

Hardcoded credentials

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value...

Hardcoded credentials

The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of 1 shared for the shared user and 2 scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default,...

Hardcoded credentials

GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that...

Hardcoded credentials

The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of 1 operator for the root account, 2 adw2.0 for the admin account, and 3 adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcode...