Hardcoded credentials

Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service...

Hardcoded credentials

A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The patch is identified as 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a pat...

CVE-2022-4780

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change...

CVE-2022-4780

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change...

Hardcoded credentials

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change...

CVE-2022-4780 hard coded credentials in elvexys ISOS firmwares

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change...

CVE-2022-4780 hard coded credentials in elvexys ISOS firmwares

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change...

CVE-2022-4780

Summary: CVE-2022-4780 affects ISOS firmwares 1.81–2.00, due to hardcoded credentials in the embedded StreamX installer. The root cause is fixed credentials that integrators are not forced to change, enabling potential unauthorized access to the appliance/update flow. Impact (as stated): unauthor...

PT-2022-28087 · Isos · Isos

Name of the Vulnerable Software and Affected Versions: ISOS firmwares versions 1.81 through 2.00 Description: The issue concerns hardcoded credentials in the embedded StreamX installer within ISOS firmwares. These credentials are not mandatory for integrators to change, posing a security risk...

Hardcoded credentials

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability...

Hardcoded credentials

When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...

Hardcoded credentials

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

Hardcoded credentials

When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox 107...

Hardcoded credentials

Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox 101...

Hardcoded credentials

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface...

Hardcoded credentials

ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request...

Hardcoded credentials

A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed...

Click Studios Passwordstate 信任管理问题漏洞

Click Studios Passwordstate passwordstate is a password management software from the Click Studios team in Australia. The program provides users with the ability to save their passwords, record their accounts and passwords, and keep them safe. This program provides you with the ability to save yo...

Hardcoded credentials

Mutiny 7.2.0-10788 suffers from Hardcoded root password...

PT-2022-6297 · Апекс-Вуз · Апекс-Вуз

Name of the Vulnerable Software and Affected Versions: Апекс-ВУЗ affected versions not specified Description: The issue is related to the use of hardcoded credentials in the Апекс-ВУЗ education automation system. Exploitation of this issue may allow a remote attacker to gain full access to the...