CVE-2021-33583

REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file...

Hardcoded credentials

Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only...

CVE-2021-35965

CVE-2021-35965 affects the Orca HCM digital learning platform. The vulnerability arises from a hard-coded, weak factory-default administrator password embedded in the webpage source, enabling remote attackers to gain administrator privileges without authentication. NVD specifies CVSSv3.1 base sco...

CVE-2020-12733

Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account...

CVE-2020-12733

Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account...

Trojan-Dropper.Win32.Juntador.a Weak Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f28e866ce2f99013a66b015f6a7f31a8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Juntador.a Vulnerability: Weak Hardcoded Password Description: The malware...

CVE-2020-25752

The CVE-2020-25752 entry concerns Enphase Envoy R3.x and D4.x devices with hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords are derived from the MD5 hash of the username and serial number mixed with static strings, and the serial number can be retrieved by...

Trend Micro Bugs Threaten Home Network Security

Three security vulnerabilities have been found in Trend Micro’s Home Network Security systems, which can allow denial of service DoS, privilege escalation, code execution and authentication bypass. The Home Network Security Station is an all-in-one device that scans for vulnerabilities for...

Backdoor.Win32.Psychward.ds Weak Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9e22514c9b0e74c7fcb07b7c091f6123.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.ds Vulnerability: Weak Hardcoded Password Description: The malware listens ...

Backdoor.Win32.DarkMoon.a Weak Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/7361fe3620fb6e18467c8e15e224b0b8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkMoon.a Vulnerability: Weak Hardcoded Password Description: Dark Moon v1 client by...

CVE-2021-32454

SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access...

CVE-2021-32454

The CVE-2021-32454 entry describes a vulnerability in SITEL CAP/PRX firmware version 5.2.01 where a hardcoded password is used. Affected component: SITEL CAP/PRX firmware 5.2.01. Root cause: hardcoded credentials that can be modified by an attacker with access to the device, potentially depriving...

CVE-2021-32454 SITEL CAP/PRX hardcoded credentials

SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access...

Edimax Technology wireless network camera 信任管理问题漏洞

Edimax Technology wireless network camera is a network device from Edimax Technology, China. It provides a video recording feature. A trust management issue vulnerability exists in EDIMAX wireless network camera, which stems from the default administrator account and password being hardcoded...

CVE-2021-27172

An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh...

CVE-2021-27168

CVE-2021-27168 affects FiberHome HG6245D devices via RP2613, where the rdsadmin account is exposed with a hardcoded password (6GFJdY4aAuUKJjdtSn7d). The issue enables potential unauthorized admin access over the network, with CVSS metrics indicating high confidentiality, integrity, and availabili...

CVE-2021-27168

An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account...

CVE-2021-27172

The CVE-2021-27172 case concerns FiberHome HG6245D ONT routers (via RP2613). It relies on a hardcoded GEPON password for root stored in /etc/init.d/system-config.sh, enabling unauthorized root access. The NVD entry lists a CVSS3.1 base score of 9.8 (CRITICAL) with network attack vector and no aut...

Micro Focus UCMDB Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution', 'Description' = %q This module exploits two vulnerabilities, that...

Micro Focus UCMDB Remote Code Execution Exploit

This Metasploit module exploits two vulnerabilities, that when chained allow an attacker to achieve unauthenticated remote code execution in Micro Focus UCMDB. UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected, but this module can probably also be used to...