CVE-2017-17107
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...
PT-2017-3410 · Xiongmai Technology · Xiongmai Ip Cameras +2
Name of the Vulnerable Software and Affected Versions: Xiongmai Technology IP Cameras and DVRs affected versions not specified Description: A Stack-based Buffer Overflow issue has been discovered, which may allow an attacker to execute code remotely or crash the device. After rebooting, the devic...
Xiongmai Technology IP Cameras and DVRs
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Xiongmai Technology Equipment: IP Cameras and DVRs Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of Xiongmai Technology IP cameras and DVRs are affected: All IP Cameras and DVRs...
A vulnerability in the TCP/IP software of the JanTek JTC-200 converter, related to deficiencies in authentication procedures, allows an attacker to gain access to the BusyBox Linux shell.
A vulnerability in the TCP/IP firmware of the JanTek JTC-200 converter is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and gain access to the BusyBox Linux shell using the Teln...
A vulnerability in the Altum router's firmware relates to the use of pre-installed user accounts, which allow attackers to gain access to the embedded operating system with administrator privileges.
A vulnerability in the Altum router firmware is related to the use of a pre-installed root account. Exploiting this vulnerability allows a remote attacker to gain access to the embedded operating system with administrator privileges using SSH or Telnet connections...
ZyXEL PK5001Z Modem - Backdoor Account
ZyXEL PK5001Z Modem - Backdoor Account Exploit Title: ZyXEL PK5001Z Modem - CenturyLink Hardcoded admin and root Telnet Password. Google Dork: n/a Date: 2017-10-31 Exploit Author: Matthew Sheimo Vendor Homepage: https://www.zyxel.com/ Software Link: n/a Version: PK5001Z 2.6.20.19 Tested on: Linux...
Polycom Command Shell Authorization Bypass Exploit
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prom...
A vulnerability in the Alphanetworks account service allows an attacker to gain root access and take control of the D-Link DIR-850L router's firmware.
A vulnerability in the Alphanetworks account service of the D-Link DIR-850L router firmware lies in the hard-coding of credentials during device reboots. Exploiting this vulnerability could allow a remote attacker to gain ro...
D-Link DIR-850L REV.B Privilege Acquisition Vulnerability
The D-Link DIR-850L REV.B is a wireless router from AUO D-Link. A security vulnerability exists in the D-Link DIR-850L REV.B using firmware FW208WWb02 and prior versions, which stems from the use of hard-coded passwords for the Alphanetworks account. A remote attacker can exploit the vulnerabilit...
PT-2017-2899 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue is related to a hardcoded password for the Alphanetworks account, which is set to wrgac25 dlink.2013gui dir850l upon device reset. This allows remote attackers to obtai...
China Mobile He-Route APP has FTP backdoor vulnerability
China Mobile He-Route APP is the companion mobile application for He-Route. An FTP backdoor vulnerability exists in the China Mobile He-Route APP. The vulnerability is caused by FTP account passwords being written into the application. An attacker can use the vulnerability to obtain ftp account...
D-Link DIR Elevation of Privilege Vulnerability
D-Link DIR-615 is a small wireless router product from AUO D-Link. A security vulnerability exists in D-Link DIR-615 versions prior to 20.12PTb04. A remote attacker can exploit this vulnerability to gain access to the administrator account with the help of a TELNET connection...
JVN#48823557: Multiple Buffalo wireless LAN access point devices do not properly perform authentication
WAPM-1166D and WAPM-APG600H provided by BUFFALO INC. are wireless LAN access point devices. WAPM-1166D and WAPM-APG600H do not properly perform authentication CWE-287. Impact An attacker who can access the device may log in via telnet without authentication and access the configuration interface ...
CVE-2017-11436
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection...
Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery
Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02 H640RW-02 H645G Firmware: 3.03p1-1145 3.03-1144-01 3.02p2-1141...
CVE-2017-7964
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process...
CVE-2017-7576
DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...
CVE-2016-10307
Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public but the cleartext value is perhaps not yet public. This account is accessible via SSH and/or TELNET, and...
CVE-2016-10305
Trango Apex = 2.1.1, ApexLynx 2.0, ApexOrion 2.0, ApexPlus = 3.2.0, Giga = 2.6.1, GigaLynx 2.0, GigaOrion 2.0, GigaPlus = 3.2.3, GigaPro = 1.4.1, StrataLink 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software...