400 matches found

Tenable Nessus
added 2024/06/03 12:0 a.m. · 16 views

RHEL 7 : sudo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sudo: Unauthorized privilege escalation in sudoedit CVE-2015-5602 - sudo: by using ! character in the...

7.5 CVSS · 7.3 AI score · 0.05506 EPSS
Exploits 5 · References 5
RedHat Linux
added 2024/05/28 2:37 p.m. · 2 views

rpm-ostree: world-readable /etc/shadow file

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...

6.2 CVSS · 6.4 AI score · 0.00025 EPSS
Exploits 0 · References 5
CNNVD
added 2024/05/24 12:0 a.m. · 2 views

TOTOLINK CP900L Security Vulnerability

The TOTOLINK CP900L is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK CP900L suffers from a hard-coded password vulnerability that originates from the inclusion of a hard-coded password in /etc/shadow.sample, which can be exploited by an attacker to log in as root...

8.8 CVSS · 6.9 AI score · 0.00111 EPSS
Exploits 0 · References 4
CNVD
added 2024/05/22 12:0 a.m. · 3 views

TOTOLINK CP450 Hardcoded Password Vulnerability

TOTOLINK CP450 is an outdoor wireless client terminal device manufactured by China Gion Electronics Company TOTOLINK, which is mainly used for wireless broadband access service in rural and remote areas. A hard-coded password vulnerability exists in the TOTOLINK CP450, which can be exploited by a...

8.8 CVSS · 7.2 AI score · 0.00119 EPSS
Exploits 1 · References 1
CNNVD
added 2024/05/14 12:0 a.m. · 1 views

TOTOLINK EX200 Security Vulnerability

The TOTOLINK EX200 is a 2.4G wireless range extender from China's TOTOLINK. It is designed to extend the coverage of existing Wi-Fi networks and eliminate "blind spots". The TOTOLINK EX200 suffers from a hard-coded password vulnerability that originates from the /etc/shadow.sample file, which can...

9.8 CVSS · 6.9 AI score · 0.0045 EPSS
Exploits 1 · References 2
OSV
added 2024/04/25 6:15 p.m. · 2 views

AZL-42310 CVE-2024-2905 affecting package rpm-ostree for versions less than 2024.4-3

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...

6.2 CVSS · 6.4 AI score · 0.00025 EPSS
Exploits 0 · References 1
OSV
added 2024/04/25 6:15 p.m. · 2 views

CVE-2024-2905

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...

6.2 CVSS · 5.7 AI score · 0.00025 EPSS
Exploits 0 · References 8
Tenable Nessus
added 2024/04/10 12:0 a.m. · 18 views

Fedora 39 : rpm-ostree (2024-4afd3d38ae)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4afd3d38ae advisory. Backport fix for /etc/gshadow permissions Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...

6.2 CVSS · 6.4 AI score · 0.00025 EPSS
Exploits 0 · References 2
OSV
added 2024/03/20 5:15 a.m. · 2 views

CVE-2024-22085

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable...

6.2 CVSS · 5.8 AI score · 0.00066 EPSS
Exploits 0 · References 1
NVD
added 2024/03/20 5:15 a.m. · 10 views

CVE-2024-22085

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable...

6.2 CVSS · 6.6 AI score · 0.00066 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/03/20 12:0 a.m. · 9 views

CVE-2024-22085

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable...

6.9 AI score · 0.00066 EPSS
Exploits 0 · References 1
CVE
added 2024/03/20 12:0 a.m. · 56 views

CVE-2024-22085

CVE-2024-22085 affects Elspec G5 digital fault recorder, versions 1.1.4.15 and older. The vulnerability is that the shadow file is world readable, enabling local access to sensitive account data and impacting confidentiality. The CVSSv3.1 vector is AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N with a base ...

6.2 CVSS · 6.8 AI score · 0.00066 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/03/20 12:0 a.m. · 15 views

CVE-2024-22085

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable...

6.8 AI score · 0.00066 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/03/19 12:0 a.m. · 2 views

PT-2024-19196 · Elspec · Elspec G5 Digital Fault Recorder

Name of the Vulnerable Software and Affected Versions: Elspec G5 digital fault recorder versions 1.1.4.15 and before Description: An issue was discovered in the Elspec G5 digital fault recorder where the shadow file is world readable. Recommendations: For Elspec G5 digital fault recorder versions...

6.2 CVSS · 6.9 AI score · 0.00066 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/03/07 12:0 a.m. · 3 views

PT-2024-10759 · Rad · Rad Secflow-2

Name of the Vulnerable Software and Affected Versions: RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 Description: The issue allows URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow. This can potentially lead to unauthorized...

7.5 CVSS · 6.8 AI score · 0.00625 EPSS
Exploits 2 · References 5
Packet Storm
added 2024/03/04 12:0 a.m. · 309 views

GL.iNet AR300M 4.3.7 Arbitrary File Write

!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Arbitrary File Write Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

7.5 CVSS · 7.4 AI score · 0.40108 EPSS
Exploits 4
BDU FSTEC
added 2024/03/04 12:0 a.m. · 2 views

The vulnerability of the /etc/shadow component of the TOTOLINK X6000R router’s microprogramming system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the /etc/shadow component of the TOTOLINK X6000R router’s microprogramming system is related to the use of pre-set user accounts. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

2.5 CVSS · 5.2 AI score · 0.00063 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2024/02/02 12:0 a.m. · 2 views

PT-2024-1903 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: Totolink X6000R version 9.4.0cu.852 B20230719 Description: A vulnerability was found in the file /etc/shadow of the Totolink X6000R, which is related to the use of hard-coded credentials. The manipulation of this vulnerability can lead to...

5.5 CVSS · 6.9 AI score · 0.00063 EPSS
Exploits 1 · References 9
OSV
added 2024/01/30 3:15 p.m. · 1 views

CVE-2024-24324

TOTOLINK A8000RU v7.1cu.643B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1
NVD
added 2024/01/30 10:15 a.m. · 23 views

CVE-2024-22894

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file...

6.8 CVSS · 7.2 AI score · 0.03315 EPSS
Exploits 1 · References 2