1186 matches found
CVE-2023-30354
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access...
CVE-2022-45291
PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...
CVE-2022-45291
PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...
CVE-2022-45291
CVE-2022-45291 affects the PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS 2012_lts. The vulnerability enables remote code execution by injecting PHP into settings.php, with exploitation paths including PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_ea...
CVE-2022-45291
PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...
PT-2023-14639 · Unknown · Pws Personal Weather Station Dashboard
Name of the Vulnerable Software and Affected Versions: PWS Personal Weather Station Dashboard PWS Dashboard version 2012 lts Description: The issue allows remote code execution by injecting PHP code into settings.php. Attacks can use the "PWS printfile.php", "PWS frame text.php", "PWS...
Osprey Pump Controller 1.0.1 - Administrator Backdoor Access
Exploit Title: Osprey Pump Controller 1.0.1 - Administrator Backdoor Access Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage...
CVE-2023-28654
Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through...
CVE-2023-28654
Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through...
CVE-2023-28654 CVE-2023-28654
Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through...
CVE-2023-28654 CVE-2023-28654
Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through...
CVE-2023-28654
CVE-2023-28654 affects the Osprey Pump Controller, version 1.01. A hidden administrative account with a hardcoded password exists, not visible in the usernames/passwords list, and cannot be changed through normal operation. The backdoor is in Mirage_ValidateSessionCode.x, allowing full access to ...
Zyxel USG Hardcoded Default Password (CVE-2020-29583)
Firmware version 4.60 of Zyxel USG devices contains an undocumented account zyfwp with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. Note tha...
Osprey Pump Controller 1.0.1 Administrator Backdoor Access
Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirage...
Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vulnerability
Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list 120 of the application and the passwo...
Osprey Pump Controller 1.0.1 Administrator Backdoor Access
Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...
SUSE CVE-2016-9013
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...
PT-2023-1540 · Totolink · Totolink Ca300-Poe
Name of the Vulnerable Software and Affected Versions: TOTOLINK CA300-PoE version 6.2c.884 Description: The issue is related to the use of hardcoded credentials in the /etc/config/product.ini component of the TOTOLINK CA300-PoE router's firmware. This could allow a remote attacker to disclose...
Hardcoded credentials
A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability...
CVE-2022-37832
Mutiny 7.2.0-10788 suffers from Hardcoded root password...