CVE-2014-2264

The OpenVPN module in Synology DiskStation Manager DSM 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session...

CVE-2014-2264

The OpenVPN module in Synology DiskStation Manager DSM 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session...

CVE-2014-2264

The CVE-2014-2264 entry concerns the OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1, where a hardcoded root password (synopass) enables remote access via a VPN session. Multiple connected sources (Red Hat, Tenable plugin, CVE objects) corroborate the presence of this hardc...

PT-2014-4593 · Synology +1 · Synology Diskstation Manager +1

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM version 4.3-3810 update 1 Description: The issue concerns a hardcoded root password in the OpenVPN module, specifically set to synopass, which can be exploited by remote attackers to gain access via a VPN...

CVE-2014-0709

Cisco UCS Director formerly Cloupia before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930...

CVE-2014-0709

Cisco UCS Director formerly Cloupia before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930...

CVE-2014-0709

Cisco UCS Director (formerly Cloupia) before 4.0.0.3 uses a hardcoded root password, enabling unauthenticated remote login via the CLI and full admin access over SSH. This mode of exploitation is documented across multiple sources (Cisco advisory CSCui73930/Cisco-SA-2014-0219-ucsd). Affected vers...

ZTE ZXV10 W300 Wireless Router Hardcoded Credentials Security Bypass Vulnerability (SNMP/Telnet)

ZTE ZXV10 W300 wireless router is prone to a security-bypass vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

CVE-2014-0329

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password...

CVE-2014-0329

The CVE-2014-0329 issue affects ZTE ZXV10 W300 router (v2.1.0) where the TELNET service exposes a hard-coded admin password ending in “airocon,” with the first four characters derived from the device MAC. Remote attackers can gain administrator access using this credential, as documented in multi...

CVE-2014-0329

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password...

CVE-2013-7248

Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSAREQUEST...

CVE-2013-7248

Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSAREQUEST...

CVE-2013-7248

The CVE-2013-7248 issue in Franklin Fueling Systems TS-550 evo affects firmware 2.0.0.6833 and earlier than 2.4.0, due to a hardcoded password for the roleDiag account that enables remote root access via cmdWebCheckRole in TSA_REQUEST. Trustwave SpiderLabs’ advisory TWSL2014-001 documents the roo...

CVE-2013-4425

The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key...

Hardcoded credentials

The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key...

CVE-2013-4425

The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key...

CVE-2012-4088

The FTP server in Cisco Unified Computing System UCS has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769...

CVE-2012-4088

The FTP server in Cisco Unified Computing System UCS has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769...

CVE-2012-4088

Cisco UCS FTP server vulnerability (CVE-2012-4088) arises from an undocumented hard-coded password for an unspecified user account. An unauthenticated, adjacent attacker could read or modify files by exploiting this credential. Cisco’s advisory (CISCO-SA-20130927-CVE-2012-4088) confirms the issue...