PT-2019-19276 · Dasan · Dasan H665

Name of the Vulnerable Software and Affected Versions: DASAN H665 version 1.46p1-0028 Description: A backdoor account exists in the /bin/login of DASAN H665 devices, allowing an attacker to login to the admin account via TELNET using the account dnsekakf2$$. This issue has seen increased interest...

CVE-2018-19069

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of...

CVE-2018-19069

The CVE-2018-19069 entry affects Foscam C2 devices (System Firmware 1.11.1.8 and App Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and App Firmware 2.21.1.128). The issue involves CGIProxy.fcgi?cmd=setTelnetSwitch being authorized for the root user with the password “toor,”...

CVE-2016-9495

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port 23 can be obtained through using one of a few default credentials shared among all devices...

CVE-2016-9497

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many...

Baseon Lantronix MSS Device Information Disclosure Vulnerability

Baseon Lantronix MSS devices is a serial communication server device from Lantronix USA. A security vulnerability exists in Baseon Lantronix MSS devices that originates from access to TELNET, programmed to require a password for difficulty. An attacker could exploit the vulnerability to log into...

Default credentials

Baseon Lantronix MSS devices do not require a password for TELNET access...

CVE-2018-12925

Baseon Lantronix MSS devices do not require a password for TELNET access...

CVE-2018-12925

Baseon Lantronix MSS devices do not require a password for TELNET access...

CVE-2018-12526

Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account...

TP-Link TL-WA850RE - Remote Command Execution

!/usr/bin/env python Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Command Execution Date: 19/06/2018 Exploit Author: yoresongo - Advisability S.A.S Colombia www.advisability.co Vendor Homepage: https://www.tp-link.com/ Firmware Link:...

CVE-2018-6210

D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session...

The vulnerability of the PROFIBUS-Ethernet gateway Softing AG FG-100 PB lies in the use of pre-set credentials, allowing a intruder to gain access to the device with root privileges.

The vulnerability of the PROFIBUS-Ethernet gateway Softing AG FG-100 PB lies in the use of pre-set credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the device with root privileges through a Telnet connection...

CVE-2018-10024

ubiQuoss Switch VP5208A creates a bcmpassword file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH or TELNET if it is enabled...

Foxconn femtocell FEMTO AP-FC4064-T Default Password Vulnerability

The Foxconn femtocell FEMTO AP-FC4064-T is a home base station device from Foxconn. A security vulnerability exists in the Foxconn femtocell FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15 version, which stems from the use of a weak default password for privileged accounts. The vulnerability...

Hardcoded credentials

A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that i...

The vulnerability of Xiongmai Technology’s micro-programmed software for IP cameras and video recorders, related to buffer overflow attacks, allows intruders to execute arbitrary codes or trigger an emergency shutdown of the devices.

The vulnerability of Microprogrammed Software for IP Cameras and Video Recorders from Xiongmai Technology, which use the NetSurveillance web interface, is related to buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code or trigger a crash of the devic...

Multiple Vulnerabilities in Sprecher AutomationSPRECON-E-C,PU-2433

Sprecher Automation GmbH provides switchgear and automation solutions for energy, industry and infrastructure development, among others. Power utilities, industry, transportation companies, municipal utilities and public institutions are among its customers. 1 An authentication path traversal...

The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software relates to the use of pre-installed credentials, allowing a intruder to gain access to the device with root privileges.

The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software is related to the use of pre-set credentials the password “cat1029” for the “root” user. Exploiting this vulnerability allows a malicious actor to gain access to the device with root privileges through a Telnet...

Zivif PR115-204-P-RS Information Disclosure Vulnerability

The Zivif PR115-204-P-RS is a webcam device. An information disclosure vulnerability exists in the Zivif PR115-204-P-RS version 2.3.4.2103, which stems from the program using a hard-coded cat1029 password for the root user. An attacker can exploit this vulnerability to gain access to the device...