886 matches found

NVD
added 2026/01/09 12:15 p.m. | 4 views

CVE-2025-7072

The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text shared across all routers of this model that an unauthenticated remote attacker could use to execute commands with root privileges. This vulnerability has been fixed in firmware version: 1.00.67 for...

CVSS: 9.3 | EPSS: 0.00543
Exploits: 0 | References: 1
Cvelist
added 2026/01/09 11:30 a.m. | 24 views

CVE-2025-7072 Hardcoded credentials in KAON CG3000T/CG3000CT routers

The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text shared across all routers of this model that an unauthenticated remote attacker could use to execute commands with root privileges. This vulnerability has been fixed in firmware version: 1.00.67 for...

CVSS: 9.3 | EPSS: 0.00543
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/07 9:29 a.m. | 7 views

CVE-2019-12776

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocaterevB scripts copies the hardcoded key to...

CVSS: 10 | AI score: 7.5 | EPSS: 0.02016
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/07 9:11 a.m. | 5 views

CVE-2025-64420

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and...

CVSS: 9.9 | AI score: 6.7 | EPSS: 0.00495
Exploits: 1 | References: 1
Positive Technologies
added 2026/01/06 12:00 a.m. | 5 views

PT-2026-1438

Name of the Vulnerable Software and Affected Versions H3C M102G HM1A0V200R010 wireless controller H3C BA1500L SWBA1A0V100R006 wireless access point Description A misconfiguration exists in the vsftpd component of the affected devices. This allows remote attackers to gain root-level control over t...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00491
Exploits: 1 | References: 10
EUVD
added 2025/12/31 9:30 p.m. | 6 views

EUVD-2025-206080

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices...

CVSS: 9.3 | AI score: 6.9 | EPSS: 0.00282
Exploits: 1 | References: 5
CVE
added 2025/12/31 6:39 p.m. | 11 views

CVE-2021-47744

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains a hard-coded credentials issue in its Linux distribution, exposing remote root access via the static password 'Chameleon' over Telnet or SSH. Public sources note potential remote root compromise for affected devices; CVSS metrics in the entry indic...

CVSS: 9.3 | AI score: 7 | EPSS: 0.00282
Exploits: 1 | References: 4
Cvelist
added 2025/12/31 6:39 p.m. | 24 views

CVE-2021-47744 Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices...

CVSS: 9.3 | EPSS: 0.00282
Exploits: 1 | References: 4
Positive Technologies
added 2025/12/31 12:00 a.m. | 8 views

PT-2025-54425

Name of the Vulnerable Software and Affected Versions Cypress Solutions CTM-200/CTM-ONE version 1.3.6 Description The software contains a hard-coded credential issue in its Linux distribution, exposing root access. An attacker can exploit the static password 'Chameleon' to gain remote root access...

CVSS: 9.3 | AI score: 7.1 | EPSS: 0.00282
Exploits: 1 | References: 8
CNNVD
added 2025/12/31 12:00 a.m. | 4 views

Cypress CTM-ONE Trust Management Issue Vulnerability

The Cypress CTM-ONE is a wireless LTE gateway from Cypress Canada. A trust management issue vulnerability exists in Cypress CTM-ONE version 1.3.6, which stems from the presence of hard-coded credentials in the Linux distribution that could allow an attacker to gain remote root access...

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.00282
Exploits: 1 | References: 4
CVE
added 2025/12/30 10:41 p.m. | 16 views

CVE-2024-58338

Anevia Flamingo XL 3.2.9 is affected by a restricted shell escape via the traceroute command. The underlying issue allows remote attackers to bypass the sandboxed login environment and inject shell commands, gaining full root access to the device. Documented impact includes full control and poten...

CVSS: 10 | AI score: 7.1 | EPSS: 0.00718
Exploits: 2 | References: 4 | Affected Software: 1
Vulnrichment
added 2025/12/30 10:41 p.m. | 3 views

CVE-2024-58338 Anevia Flamingo XL 3.2.9 Remote Root Jailbreak via Traceroute Command

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the...

CVSS: 10 | AI score: 7.1 | EPSS: 0.00718
Exploits: 2 | References: 4
Cvelist
added 2025/12/30 10:41 p.m. | 38 views

CVE-2024-58338 Anevia Flamingo XL 3.2.9 Remote Root Jailbreak via Traceroute Command

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the...

CVSS: 10 | EPSS: 0.00718
Exploits: 2 | References: 4
Vulnrichment
added 2025/12/30 10:41 p.m. | 2 views

CVE-2022-50691 MiniDVBLinux 5.4 Remote Root Command Execution via commands.sh

MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...

CVSS: 9.8 | AI score: 8 | EPSS: 0.01261
Exploits: 3 | References: 3
Cvelist
added 2025/12/30 10:41 p.m. | 24 views

CVE-2022-50691 MiniDVBLinux 5.4 Remote Root Command Execution via commands.sh

MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...

CVSS: 9.8 | EPSS: 0.01261
Exploits: 3 | References: 3
Cvelist
added 2025/12/24 7:27 p.m. | 27 views

CVE-2019-25241 FaceSentry Access Control System 6.4.8 Remote SSH Root Access

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

CVSS: 9.8 | EPSS: 0.00654
Exploits: 2 | References: 3
RedhatCVE
added 2025/12/05 12:09 a.m. | 13 views

CVE-2025-54304

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.00436
Exploits: 0 | References: 1
NVD
added 2025/12/04 3:15 p.m. | 8 views

CVE-2025-54304

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from...

CVSS: 9.8 | EPSS: 0.00436
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/04 12:00 a.m. | 3 views

CVE-2025-53963

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...

AI score: 7.5 | EPSS: 0.00403
Exploits: 0 | References: 3
Cvelist
added 2025/12/04 12:00 a.m. | 16 views

CVE-2025-53963

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...

EPSS: 0.00403
Exploits: 0 | References: 3