Backdoor.Win32.Wollf.c Hardcoded Backdoor Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/91c02a95839a76a5d2e335cded7112a9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.c Vulnerability: Hardcoded Backdoor Password Description: The backdoor creates ...

Backdoor.Win32.Wollf.16 Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5f79b779acd4c9c75211835a2783bccb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Weak Hardcoded Password Description: Wollf.16 creates and run...

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 CVSS score 7.8,...

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 CVSS score 7.8,...

Hardcoded credentials

Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa which is just the asdf keyboard row in reverse order...

Hardcoded credentials

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later...

CVE-2020-29583

CVE-2020-29583 (Zyxel hard-coded credentials) The Zyxel vulnerability concerns an undocumented user account, “zyfwp,” with an unchangeable password found in the firmware of multiple Zyxel devices. The account can grant admin access via SSH or the web interface. Affected devices include Zyxel USG/...

CVE-2020-29375

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged non-admin attacker can use a hardcoded password 4ef9cea10b2362f15ba4558b1d5c081f to create an admin user...

CVE-2020-29376

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@ly$z%x6x7q8c9z password for the admin account to authenticate to the TELNET service...

CVE-2020-29375

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged non-admin attacker can use a hardcoded password 4ef9cea10b2362f15ba4558b1d5c081f to create an admin user...

CVE-2020-29375

CVE-2020-29375 affects multiple V-SOL OLT devices (V1600D/V2.03.69 and V2.03.57; V1600D4L/V1.01.49; V1600D-MINI/V1.01.48; V1600G1/V2.0.7 and V1.9.7; V1600G2/V1.1.4). The root cause is a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) that a low-privileged, non-admin attacker can use to crea...

CVE-2020-29375

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged non-admin attacker can use a hardcoded password 4ef9cea10b2362f15ba4558b1d5c081f to create an admin user...

CVE-2020-29376

CVE-2020-29376 affects V-SOL OLT devices (V1600D/V1600D4L/V1600D-MINI/V1600G1/V1600G2 family). The issue centers on an admin TELNET password (!j@l#y$z%x6x7q8c9z) allowing authentication to TELNET, as disclosed across multiple references. The connected documents confirm affected models and the pre...

Barco wePresent WiPG-1600W Hardcoded Root Password Vulnerability

The Barco wePresent WiPG-1600W is a management device for conference environments from Barco Belgium. A security vulnerability exists in Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19, which stems from the inclusion of a hard-coded root password hash in the firmware...

CVE-2020-28329

Barco wePresent WiPG-1600W is affected by CVE-2020-28329 and related CVEs due to hardcoded credentials in the firmware. Affected firmware versions include 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19. The vulnerability arises because an API account and password are embedded in the firmware image and...

CVE-2020-28329

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...

U.S. Dept Of Defense: hardcoded password stored in javascript of https://████.mil

Summary: I have discovered a cleartext password stored within a javascript. This password allows me to authentication to https://█████.mil. Description: I have discovered a cleartext password stored within a javascript. This password allows me to authentication to https://███████.mil. To confirm...

ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: ZTE mobile Hotspot MS910S vulnerable version: DLMF910SCNEUV1.00.01 fixed version: - CVE number: CVE-2019-3422 impact: High homepage:...

CVE-2019-20025

Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privileg...

CVE-2020-15322

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account...