3038 matches found
CVE-2021-34601
CVE-2021-34601 affects Bender ebee Charge Controllers (notably CC612) with hardcoded SSH credentials in version 5.20.1 and earlier, enabling an attacker to gain administrative access to the web UI. Connected sources confirm affected products/versions; no exploitation status or patch details are p...
Backdoor.Win32.Agent.aegg Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/58be35e792476d1c015df7853112d200.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aegg Vulnerability: Weak Hardcoded Credentials Description: The malware listens...
Dell PowerScale OneFS Default Hardcoded Credentials Vulnerability
Dell PowerScale OneFS is a PowerScale OneFS operating system that provides scale-out NAS. Dell PowerScale OneFS has a security vulnerability that could be exploited by a locally authenticated attacker to gain access to the system...
Hardcoded credentials
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:\.git, which would be picked up by Git operation...
Hardcoded credentials
Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline...
Hardcoded credentials
An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain...
Hardcoded credentials
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system settings to cause partial disruption of service...
Hardcoded credentials
A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...
Hardcoded credentials
A use of hard-coded cryptographic key vulnerability CWE-321 in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors...
Hardcoded credentials
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded credentials
Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page...
Hardcoded credentials
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function...
Hardcoded credentials
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded credentials
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded credentials
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox URL bar via a crafted HTML page...
Backdoor.Win32.Jokerdoor Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/a6437375fff871dff97dc91c8fd6259f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Weak Hardcoded Credentials Family: Jokerdoor Type: PE32 MD5:...
CVE-2021-30064
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials if the device is in the uncommissioned state...
Hardcoded credentials
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials if the device is in the uncommissioned state...
CVE-2021-30064
The CVE affects Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 (before 03.23) and TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance. The root cause is hardcoded default credentials allowing SSH login, applicable when the device is in the uncommissioned/not-enabled state. ...
Hardcoded credentials
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from the officially released firmware. An attacker who has connected to the Wi-Fi can easily telnet into the target with a root shell if the telnet function is turned on...