897 matches found
Exploit for OS Command Injection in Zyxel Vmg8623-T50B_Firmware
CVE-2026-1459-POC POC for the CVE-2026-1459 which payload c...
CVE-2025-57175
Siklu EtherHaul 8010 siklu-uimage-nxp-enc-1062-18707-ea552dc00b devices have a static root password...
EUVD-2025-209317
Siklu EtherHaul 8010 siklu-uimage-nxp-enc-1062-18707-ea552dc00b devices have a static root password...
CVE-2025-57175
Siklu EtherHaul 8010 siklu-uimage-nxp-enc-1062-18707-ea552dc00b devices have a static root password...
CVE-2025-57175
Siklu EtherHaul 8010 siklu-uimage-nxp-enc-1062-18707-ea552dc00b devices have a static root password...
CVE-2025-57175
CVE-2025-57175 affects Siklu EtherHaul 8010 devices (image siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b). The root cause is a static root password present in the affected firmware image. Impact is stated as high confidentiality/integrity/availability (per CVSS) with physical attack vector and hig...
Siklu EtherHaul 安全漏洞
Siklu EtherHaul is a series of millimeter-wave wireless transmission devices developed by Siklu Corporation. The Siklu EtherHaul 8010 siklu-uimage-nxp-enc-1062-18707-ea552dc00b version contains a security vulnerability, which stems from the presence of a static root password...
CVE-2025-57175
Siklu EtherHaul 8010 siklu-uimage-nxp-enc-1062-18707-ea552dc00b devices have a static root password...
CVE-2026-26213
The CVE-2026-26213 issue affects thingino-firmware up to firmware-2026-03-16, where an unauthenticated OS command injection exists in the WiFi captive portal CGI script. An attacker can inject malicious code through unsanitized HTTP parameter names, exploiting eval in parse_query() and parse_post...
CVE-2026-22209
thingino-firmware up to commit e3f6a41 published on 2026-03-15 contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...
EUVD-2025-208538
Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etcro/shadow, which allows attackers to log in as root...
PT-2026-24432
Name of the Vulnerable Software and Affected Versions Tenda G1V3.1si version V16.01.7.8 Description The firmware contains a hardcoded password, located in the '/etc ro/shadow' file, that allows attackers to gain root access. The vulnerable file is '/etc ro/shadow'. Recommendations Update to a new...
PT-2026-24431
Name of the Vulnerable Software and Affected Versions Tenda i24V3.0si version 3.0.0.5 Description The firmware contains a hardcoded password, allowing attackers to log in as root. The hardcoded password is located in the '/etc ro/shadow' file. Recommendations Update to a newer version that...
CVE-2026-29120
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
EUVD-2026-9375
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
CVE-2026-29120 Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Receiver
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
CVE-2026-29120
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
CVE-2026-29120
Technical details beyond what’s in the Initial Description are not publicly provided in the connected documents. Monitor for updates to the CVE-2026-29120 entry as new disclosures may clarify affected components, impact, or remediation.
PT-2026-22883
Name of the Vulnerable Software and Affected Versions IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver affected versions not specified Description The /root/anaconda-ks.cfg installation configuration file insecurely stores a hardcoded root password hash. This password is highly susceptible to...
CVE-2018-12260
An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices...