122 matches found
Hauk 信任管理问题漏洞
Hauk is a fully open source, self-hosted location sharing service from the individual developer Marius Lindvall. A security vulnerability exists in Hauk v1.6.1, which stems from hardcoded passwords stored in plaintext in the config.php file on the server side and on the android client device...
Seiko Solutions SkyBridge MB-A200 信任管理问题漏洞
The Seiko Solutions SkyBridge MB-A200 is a multi-carrier LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in Seiko Solutions SkyBridge MB-A200 version v01.00.04 and earlier versions, which originates from multiple hardcoded passwords containing root...
The vulnerability of the software platform for collaborative code development on GitLab arises from the installation of hardcoded passwords for user accounts registered using the OmniAuth provider. This allows attackers to gain access to users’ accounts.
The vulnerability of the software platform for collaborative code development on GitLab is related to the installation of hardcoded passwords for accounts registered using the OmniAuth provider OAuth, LDAP, and SAML. Exploiting this vulnerability could allow a malicious actor, operating remotely,...
CVE-2021-37163
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...
CVE-2021-37163
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...
CVE-2021-37163
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...
CVE-2021-37163
CVE-2021-37163 affects Swisslog Healthcare Nexus HMI3 Control Panel (Nexus software before 7.2.5.7). The device has two hardcoded passwords and an insecure permissions issue, enabling potential unauthorized access over the network. Impact details are described as high/severe in the CVSS metrics. ...
CVE-2020-25752
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. T...
CVE-2020-25752
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. T...
CVE-2020-1716
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...
CVE-2020-1716
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...
CVE-2020-12039
Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration value...
CVE-2020-12039
Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration value...
CVE-2020-12039
Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration value...
CVE-2020-12039
CVE-2020-12039 affects Baxter Sigma Spectrum Infusion System v6.x (35700BAX) and v8.x (35700BAX2); hard-coded passwords entered via keypad grant access to biomedical menus, including device settings, calibration values, and WBM network configuration. This is a local/physical-access issue with pub...
ceph-ansible: hard coded credential in ceph-ansible playbook
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...
Schneider-electric Quantum Unspecified Vulnerability
The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...
Schneider Electric Quantum Ethernet Module Multiple Versions Hardcoded Passwords
Binary data 720009.prm...
Command injection
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40ULM.0b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit...
Hospira LifeCare PCA Infusion System Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-125-01 Hospira LifeCare PCA Infusion System Vulnerabilities that was published May 5, 2015, on the NCCIC/ICS-CERT web site. Independent researcher Billy Rios has identified an improper authorization vulnerabilit...