Hardcoded credentials

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on...

VulnCheck KEV: CVE-2014-2321

webshellcmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials...

DEPSTECH WiFi Digital Microscope 安全漏洞

DEPSTECH WiFi Digital Microscope is a wifi industrial endoscope from Shenzhen Shenzhen Deepsea Innovation Technology Co. A security vulnerability exists in the DEPSTECH WiFi Digital Microscope 3, which stems from the device allowing TELNET connections using the molinkadmin password for the molink...

A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass

Overview SCT-40CM01SR and AT-40CM01SR provided by A-Stage Inc. are liquid crystal televisions. SCT-40CM01SR and AT-40CM01SR contain an authentication bypass vulnerability CWE-287. Shinnosuke Tokusho reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

The vulnerability of the serial interface converters NPort IA5150A/IA5250A, IA5450A lies in the lack of protection for transmitted data. This allows attackers to gain unauthorized access to protected information through Telnet connections.

The vulnerability of the serial interface converters NPort IA5150A/IA5250A, IA5450A lies in the lack of protection for transmitted data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information through Telnet connections...

Default credentials

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn...

CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

Backdoor.Win32.Celine Missing Authentication

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3a634db497c417679d7a20587d689d1f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Celine Vulnerability: Missing Authentication Description: MTX Celine Trojan 3.3.3 by...

Backdoor.Win32.Kraimer.11 Missing Authentication

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2a4fda4a6687981d32c2da7bdc1efcf1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Kraimer.11 Vulnerability: Missing Authentication Description: Kraimer listens for...

Unauthorized Access Vulnerability in CMCC R3S-3 at CMCC IoT Ltd.

The CMCC R3S-3 is a router. An unauthorized access vulnerability exists in the CMCC R3S-3 of CMCC Internet of Things Ltd. An attacker can exploit the vulnerability to remotely enable telnet and obtain the telnet password...

CVE-2020-26201

Askey AP5100WDualSIG1.01.097 and all prior versions use a weak password at the Operating System rlx-linux level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH...

VulnCheck KEV: CVE-2017-8224

Wireless IP Camera P2P WIFICAM devices have a backdoor root account that can be accessed with TELNET...

CVE-2020-29376

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@ly$z%x6x7q8c9z password for the admin account to authenticate to the TELNET service...

Authentication flaw

An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access...

CVE-2020-29379

An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access...

V-SOL Authorization Issues Vulnerability

Wisepac V-Solution V1600D4L is a Gpon-enabled terminal device for connecting fiber optic trunk lines from Wisepac China. VIA Communications V-Solution V1600D-MINI is a Gpon-enabled terminal device for connecting fiber optic trunk lines from VIA Communications, China. A security vulnerability exis...

Basetech Ge-131 Bt-1837836 安全漏洞

The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. An arbitrary system command execution vulnerability exists in the BASETech GE-131 BT-1837836. The vulnerability stems from the device using default credentials for a telnet server. A remote attacker can exploit this vulnerability to execut...

PT-2020-4426 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: The issue is related to errors in access control for the Telnet/Secure Shell SSH command-line interface of Cisco IOS XE Software. This could allow an authenticated, local...

CVE-2018-20432

D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration...

PT-2020-3947 · D Link · D-Link Covr-2600R +1

Name of the Vulnerable Software and Affected Versions: D-Link COVR-2600R and COVR-3902 Kit versions prior to 1.01b05Beta01 Description: The issue is related to the use of hardcoded credentials for telnet connections, allowing unauthenticated attackers to gain privileged access to the router. This...