Foscam C1 Hardcoded Credential Authentication Bypass Vulnerability

Foscam C1 is a wireless IP camera product from FOSCAM China. A security vulnerability exists in the Foscam C1 using firmware version 1.9.1.12. The vulnerability can be exploited by a remote attacker to access a camera that does not block port 50021...

Hardcoded credentials

Hard-coded FTP credentials r:r are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device...

Foscam camera Web UI Hides Hardcoded Credentials Vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera Web UI Hidden and Hardcoded Credentials Vulnerability.The Foscam model has hidden and hardcoded credentials that can be exploited by an attacker to gain...

Trashbilling.com / Trashflow 3.0 XSS / SQL Injection

A blog post with information located here: https://thenopsled.com/trashbilling.html ============ Introduction ============ This was a basic vulnerability analysis of trashbilling.com which I am required to use to pay my trash bill, and Trashflow 3.0, which updates trashbilling.com from the Trash...

Hardcoded credentials

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise UCCE 11.51 and 11.61 could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account tha...

Hardcoded credentials

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...

Solarwinds LEM 6.3.1 Hardcoded Credentials Vulnerability

The Postgres database on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has default hardcoded credentials. While some security measures were taken to ensure that network connectivity to the Postgres database wouldn't be possible using IPv4, the same measures were not taken for...

Hardcoded credentials

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Solarwinds LEM Database Listener with Hardcoded Credentials

Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-284: Improper Access Control Impact: Remote Database Compromise Attack...

Solarwinds LEM 6.3.1 Hardcoded Credentials

KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials Title: Solarwinds LEM Database Listener with Hardcoded Credentials Advisory ID: KL-001-2017-009 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-009.txt 1...

Hardcoded credentials

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key a long string beginning with Ei2HNryt. This affects the 1.1.2 Build 20141017 Rel.50749 firmware...

Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability

Talos Vulnerability Report TALOS-2017-0231 Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability April 21, 2017 Report ID CVE-2016-8717 Summary An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The devic...

DragonWave Horizon Hardcoded Credentials Vulnerability

DragonWave Horizon is a carrier-grade point-to-point packet microwave system from DragonWave Canada. The system provides the capability to transmit broadband voice, video and data. A security vulnerability exists in DragonWave Horizon version 1.01.03 that originates from the device's use of...

SedSystems D3 Decimator Default Credentials / File Disclosure

SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to this device it will announce itself with "connected" or...

SedSystems D3 Decimator - Multiple Vulnerabilities

Exploit for multiple platform in category web applications SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to...

Hardcoded credentials

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation...

CVE-2017-7576

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...

Hardcoded credentials

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...

CVE-2017-7576

CVE-2017-7576 affects DragonWave Horizon 1.01.03 wireless radios, where hardcoded credentials (e.g., energetic/ wireless) grant access via web interface or TELNET. The root cause is embedded default credentials that bypass authentication, enabling unauthorized device access. Documents from multip...

Hardcoded credentials

Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...