CVE-2024-36496 Hardcoded Credentials

The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm no salt and uses the first five bytes as the key for RC...

CVE-2024-36496 Hardcoded Credentials

The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm no salt and uses the first five bytes as the key for RC...

(Pwn2Own) Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command...

PT-2024-20201 · Autel · Autel Maxicharger Ac Elite Business C50

Name of the Vulnerable Software and Affected Versions: Autel MaxiCharger AC Elite Business C50 affected versions not specified Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations...

PaperCut NG VendorKeys Hardcoded Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a VendorKeys object. The issue results from the use of hard-coded...

CVE-2024-34539

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions...

CVE-2024-27164

Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL...

CVE-2024-27164

CVE-2024-27164 affects Toshiba printers (including MFP/e-STUDIO) with hardcoded credentials. The NVD entry notes a CVSSv3.1 base score of 7.1 (LOCAL, HIGH). Connected sources indicate multiple Toshiba printer advisories and vulnerability lists, but do not provide vendor-specific exploit details i...

CVE-2024-27164 Hardcoded credentials

Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL...

CVE-2024-27164 Hardcoded credentials

Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL...

CVE-2024-34539

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions...

CVE-2024-34539

CVE-2024-34539 describes hardcoded credentials in TerraMaster TOS firmware up to v5.1, enabling remote login to the mail/webmail server and to the administration panel, with privilege actions possible. Remediation noted in connected sources: upgrade to firmware that removes hardcoded credentials ...

PT-2024-25958 · Terramaster · Terramaster Tos

Name of the Vulnerable Software and Affected Versions: TerraMaster TOS firmware versions through 5.1 Description: The issue concerns hardcoded credentials in the firmware, allowing a remote attacker to login to the mail or webmail server. These credentials can also be used to access the...

PT-2024-21697 · Toshiba · Toshiba Printers

Name of the Vulnerable Software and Affected Versions: Toshiba printers affected versions not specified Description: The issue concerns hardcoded credentials in Toshiba printers. There is no information provided about the estimated number of potentially affected devices worldwide or details about...

The vulnerability of the software recovery and backup console of Veeam Recovery Orchestrator allows a perpetrator to escalate their privileges.

The vulnerability of the software recovery and backup console of Veeam Recovery Orchestrator lies in the use of rigidly encoded credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain increased privileges...

Schneider Electric EcoStruxure IT Gateway Trust Management Issue Vulnerability

Schneider Electric EcoStruxure IT Gateway is a suite of cloud-based Data Center Management-as-a-Service DMaaS products from Schneider Electric, France. A trust management issue vulnerability exists in Schneider Electric EcoStruxure IT Gateway version 1.20.x and prior versions, which stems from th...

CVE-2024-2420

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...

CVE-2024-2420

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...

CVE-2024-2420 LenelS2 NetBox Hardcoded Credentials

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...

CVE-2024-2420 LenelS2 NetBox Hardcoded Credentials

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...