156 matches found
CVE-2022-23506 Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...
CVE-2022-38557
D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh...
CVE-2022-28377
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of th...
CVE-2022-28377
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of th...
CVE-2022-28377
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of th...
CVE-2022-28377
Affected: Verizon 5G Home LVSKIHP IDU 3.4.66.162 and ODU 3.33.101.0. Root cause: CRTC/ODU RPC endpoints rely on a static account username/password for access control, and the password can be generated via a firmware binary after determining the IDU’s base Ethernet MAC and setting DEVICE_MANUFACTU...
Verizon 5G Home LVSKIHP 安全漏洞
The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon USA. It provides access to Verizon Wireless 5G wireless home Internet service. The Verizon 5G Home LVSKIHP InDoorUnit IDU version 3.4.66.162 and OutDoorUnit ODU version 3.33.101.0 devices have a security...
Multiple vulnerabilities in Trend Micro ServerProtect
Overview Trend Micro Incorporated has released security updates for ServerProtect. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Remote control execution due to insufficiently protected static credentials Denial-of-servic...
CVE-2020-11925
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model...
CVE-2020-28999
An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library...
Geeni Multiple Product Security Vulnerabilities
Geeni GNC-CW028 and so on are products of Geeni USA.Geeni GNC-CW028 is an indoor webcam.Geeni GNC-CW025 is an indoor webcam.Merkury MI-CW024 and so on are products of Merkury USA.Merkury MI-CW024 is an indoor webcam.Merkury MI-CW017 is an indoor webcam. Geeni A security vulnerability exists in...
Cisco Smart Software Manager Satellite Static Credentials Vulnerability
Cisco Smart Software Manager Satellite is a Cisco component for Cisco product license management. A static credentials vulnerability exists in Cisco Smart Software Manager Satellite version 5.1.0 and earlier. The vulnerability stems from inadequate protection of static credentials. An attacker ca...
CVE-2021-1219
A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this...
CVE-2021-1219
A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this...
Design/Logic Flaw
A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this...
Cisco Smart Software Manager Satellite Static Credential Vulnerability
A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this...
Cisco Smart Software Manager 信任管理问题漏洞
Cisco Smart Software Manager Satellite is a Cisco component for Cisco product license management. A static credentials vulnerability exists in Cisco Smart Software Manager Satellite version 5.1.0 and earlier. The vulnerability stems from inadequate protection of static credentials. An attacker ca...
Cisco Security Manager Input Validation Error Vulnerability (CNVD-2020-72726)
Cisco Security Manager CSM is a suite of enterprise-level management applications from Cisco that are used to configure firewall, VPN, and intrusion protection security services on Cisco network and security devices. A security vulnerability exists in Cisco Security Manager that stems from...
Cisco Patches Critical Flaw After PoC Exploit Code Release
A day after proof-of-concept PoC exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch. Cisco Security Manager is an end-to-end security management application for enterprise administrators, which gives them the ability to enforce various security...
CVE-2020-27125
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by...