CVE-2025-36747 Hardcoded FTP Credentials within the firmware

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

CVE-2025-36747 Hardcoded FTP Credentials within the firmware

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

CVE-2025-36747

The CVE entry for CVE-2025-36747 describes ShineLan-X firmware containing FTP server credentials, enabling testers to establish an insecure FTP connection. This can allow an attacker to replace legitimate firmware-deployed files with malicious versions because firmware signature verification is n...

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

EUVD-2020-30836

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

CVE-2020-36896

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

CVE-2020-36896

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

CVE-2025-41696

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

PT-2025-50498

Name of the Vulnerable Software and Affected Versions Meatmeet Pro affected versions not specified Description The Meatmeet Pro device was shipped with hardcoded Wi-Fi credentials intended for its test network. An attacker obtaining these credentials and locating the vendor’s Wi-Fi network could...

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

CVE-2025-65823

CVE-2025-65823 affects the Meatmeet Pro device. The firmware reportedly ships with hardcoded Wi‑Fi credentials from its test network, enabling an attacker who obtains these credentials to gain unauthorized access to the vendor’s Wi‑Fi network. Additionally, a nearby attacker during initial setup ...

CVE-2025-41696

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

CVE-2025-41696

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

CVE-2025-41696 Hardcoded User Password

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

CVE-2025-41696

CVE-2025-41696 describes an attack where an attacker can use an undocumented UART port on the PCB as a side-channel, leveraging user credentials obtained from CVE-2025-41692 to gain read access to parts of the device filesystem. Public Red Hat and EUVD entries corroborate the UART side-channel ve...

Phoenix Contact FL SWITCH 信任管理问题漏洞

The PHOENIX CONTACT FL SWITCH is an industrial grade Ethernet switch from PHOENIX CONTACT, Germany. A trust management issue vulnerability exists in Phoenix Contact FL SWITCH versions prior to 3.50, which stems from undocumented UART ports and hardcoded credentials that could result in a partial...

PT-2025-49815

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

CVE-2025-14126

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...

CVE-2025-14126 TOZED ZLT M30S/ZLT M30S PRO Web hard-coded credentials

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...