Hardcoded credentials

A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers URL. It is possible to launch the attack remotely...

Hardcoded credentials

Rakuten Casa version APFV141 or APFV200 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation...

Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices

After a decent amount of pressure, Owl Labs has finally released updates for vulnerabilities in Meeting Owl, and Whiteboard Owl cameras. The vulnerabilities were reported to Owl Labs in January, One of the vulnerabilities, CVE-2022-31460 has been added to the Known exploited vulnerabilities catal...

Hardcoded credentials

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...

Hardcoded credentials

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...

Hardcoded credentials

Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory...

CVE-2022-29730

CVE-2022-29730 affects USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36. The issue is hard-coded credentials for the highest privileged account (USR user) with password www.usr.cn, which cannot be changed via normal device operation. This credential exposure enables full compromise of the de...

Hardcoded credentials

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS...

Hardcoded credentials

A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials...

Hardcoded credentials

The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed...

Rakuten Mobile Rakuten Casa 信任管理问题漏洞

Rakuten Mobile Rakuten Casa is a small base station from Rakuten Mobile Japan, Inc. A trust management issue vulnerability exists in Rakuten Mobile Rakuten Casa APFV200 and APFV141 versions, which stems from the presence of hard-coded credentials in the application code. An unauthenticated, remot...

Hardcoded credentials

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /webcste/cgi-bin/product.ini...

Hardcoded credentials

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability...

Hardcoded credentials

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

Hardcoded credentials

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages...

Hardcoded credentials

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible...

CVE-2021-34601

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI...

CVE-2021-34601

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI...

Hardcoded credentials

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI...

CVE-2021-34601 Bender Charge Controller: Hardcoded Credentials in Charge Controller

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI...