3038 matches found
CVE-2022-29964
Summary of the CVE-2022-29964 family (Emerson DeltaV DCS): The vulnerabilities involve misuse of passwords in DeltaV controllers and IO cards up to 2022-04-29. Specifically, WIOC SSH provides a root/DeltaV/backup shell via hardcoded credentials, enabling local access. The issue affects S-series, ...
CVE-2022-29964
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...
Hardcoded credentials
A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests...
Hardcoded credentials
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded credentials
Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded credentials
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Backdoor.Win32.Eclipse.h MVID-2022-0625 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8b470931114527b4dce42034a95ebf46.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Eclipse.h Vulnerability: Weak Hardcoded Credentials Family: Eclipse Type:...
Hardcoded credentials
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh...
Hardcoded credentials
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number...
CVE-2022-24657
Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...
CVE-2022-24657
Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...
CVE-2022-24657
Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...
Hardcoded credentials
Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...
CVE-2022-24657
Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...
CVE-2022-24657
CVE-2022-24657 affects Goldshell ASIC Miners v2.1.x, where hardcoded credentials enable remote SSH access (port 22). The root cause is the presence of embedded credentials in the device firmware, as documented across multiple sources in the connected set (NVD/Red Hat/CVE listings, CNNVD). Impact ...
Hardcoded credentials
A use of hard-coded cryptographic key vulnerability CWE-321 in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device...
CVE-2022-31210
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/setparam.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts...
CVE-2022-31210
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/setparam.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts...
CVE-2022-31210
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/setparam.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts...
Hardcoded credentials
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/setparam.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts...