1186 matches found
CVE-2018-6213
In the web server on D-Link DIR-620 devices with a certain ISP-customized variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...
Dedos-web Hardcoded Password Vulnerability
Dedos-web is a set of online tools for executing programs designed using DEDOS-Editor. A security vulnerability exists in version 1.0 of Dedos-web. The vulnerability stems from the program's use of the Passport.js package to provide authentication policies. An attacker can exploit the vulnerabili...
CVE-2018-11482
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223P-6, TL-IPC323K-D, TL-IPC325KP-, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password...
CVE-2018-11482
CVE-2018-11482 affects TP-LINK IPC device families (TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, TL-IPC40A-4) via /usr/lib/lua/luci/websys.lua which contains a hardcoded password (zMiVw8Kw0oxKXL0). Root cause: hardcoded credentials in the websys.lua module leading to insufficient access control...
PT-2018-3887 · D Link · Dir-620
Name of the Vulnerable Software and Affected Versions: D-Link DIR-620 devices with customized firmware versions 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22 Description: The issue is related to a hardcoded password for the admin account, specifically set to anonymous. This could allow a...
heinekingmedia StashCat for Android Hardcoded Password Vulnerability
heinekingmedia StashCat for Android is an Android-based enterprise communication software from the German company heinekingmedia. A security vulnerability exists in heinekingmedia StashCat 1.7.5 and earlier versions for the Android platform, which stems from the program's use of hard-coded...
CVE-2018-10723
Directus 6.4.9 contains a hardcoded admin password for the Admin account caused by an INSERT in api/schema.sql. Multiple sources (CNVD-2018-09196, NVD CVE-2018-10723, OSV, PRION) describe this as an elevation of privilege/vector involving a hardcoded credential, enabling potential administrator a...
CVE-2018-10723
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql...
SUSE-SU-2018:1102-1 Security update for python-Django
This update for python-Django fixes the following issues: Security issues fixed: - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. bsc1083305 - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters. bsc1083304 - CVE-2017-12794:...
CVE-2018-10328
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...
CVE-2018-10328
CVE-2018-10328 affects Momentum Axel 720P devices running version 5.1.8. The issue is a hardcoded password for the appagent account, allowing remote attackers to view the RTSP video stream. Documented CVSS: CVSS v3.0 base score 7.4 (HIGH), with ADJACENT network access, no user interaction, and co...
Momentum Axel 720P Information Disclosure Vulnerability
The Momentum Axel 720P is a dual-band HD camera that supports WiFi connectivity. A security vulnerability exists in the Momentum Axel 720P version 5.1.8, which stems from the appagent account using the hardcoded password: streaming. A remote attacker can exploit this vulnerability to view the vide...
Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE
Subject: Shenzhen TVT Digital Technology Co. Ltd & OEM DVR/NVR/IPC API RCE Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Python PoC: https://github.com/mcw0/PoC/blob/master/TVT-PoC.py Release date: April 9,...
CVE-2014-3413
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access...
CVE-2014-3413
The CVE-2014-3413 vulnerability affects Juniper Networks Junos Space prior to 13.3R1.8, where the MySQL server contains an unspecified hardcoded account password. This allows remote attackers with database access to obtain sensitive information and potentially gain administrative control. Affecte...