104 matches found
CVE-2013-3542
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WPHD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!/" with the same password, which makes it easier for remote attackers to obtain access vi...
CVE-2013-3542
CVE-2013-3542 affects Grandstream GXV series (e.g., GXV3501/3504/3601/3601HD/LL/3611/3615W/P/3651FHD/3662HD/3615WP_HD/3500) with firmware 1.0.4.11. The issue is a hardcoded account "!#/" enabling remote TELNET access, exposing high-severity risk (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H; ba...
CVE-2019-18852
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/imagesign or /etc/alphaconfig/imagesign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 for DCN, DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842...
Mitsubishi Electric smartRTU and Inea ME-RTU Trust Management Issue Vulnerability (CNVD-2019-47031)
Mitsubishi Electric smartRTU is an intelligent Remote Terminal Unit RTU from Mitsubishi Electric, Japan.Inea ME-RTU is an intelligent communication gateway product from Inea, Slovenia. A trust management issue vulnerability exists in Mitsubishi Electric smartRTU version 2.02 and earlier and INEA...
CVE-2017-12577
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...
CVE-2017-12577
CVE-2017-12577 affects PLANEX CS-QR20 (version 1.30). The Android app ships a hardcoded credential (admin:password) that can be used to access a hidden API URL /goform/SystemCommand, enabling an attacker to execute arbitrary commands with root privileges. This is tied to the Web UI component and ...
CVE-2018-12526
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account...
CVE-2018-12526
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account...
Hardcoded credentials
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account...
CVE-2018-12526
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account...
CVE-2018-12526
CVE-2018-12526 affects Telesquare SDT-CS3B1 and SDT-CW3B1 devices up to firmware 1.2.0, due to a default factory account that enables remote TELNET access via a hardcoded credential. Connected sources (NVD, CNVD, CVE records) consistently describe the root cause as a hardcoded default account; ex...
CVE-2018-6210
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session...
CVE-2018-6210
The CVE-2018-6210 entry concerns D-Link DIR-620 routers with a Rostelekom variant of firmware 1.0.37 that ship a hardcoded rostel account. The underlying risk is that an unauthenticated remote attacker can obtain access via TELNET, enabling privileged router access (the OS/user account context fr...
CVE-2017-17540
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell...
CVE-2017-17540
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell...
CVE-2017-17539
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell...
Fortinet FortiWLC Hardcoded Account Vulnerability (CNVD-2018-10699)
FortiWLC is a wireless controller from Fortinet. A hard-coded account vulnerability exists in versions 7.0.11 and earlier of Fortinet FortiWLC. An attacker can exploit this vulnerability via a remote shell to gain unauthorized read/write access...
CVE-2017-17540
CVE-2017-17540 concerns Fortinet FortiWLC 8.3.3, where a hardcoded account creates unauthorized read/write access via a remote shell. Connected sources corroborate a hardcoded credential issue in FortiWLC 8.3.3 with remote shell access enabling reading/writing capabilities. The exact root cause, ...
CVE-2017-17539
CVE-2017-17539 concerns Fortinet FortiWLC up to version 7.0.11, where a hardcoded account grants an attacker with network access unauthorized read/write via a remote shell. The underlying issue is a hardcoded credential that persists across versions prior to the remediation. Impact described in t...
CVE-2017-17540
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell...