334 matches found
CVE-2025-52364
CVE-2025-52364 affects Tenda CP3 Pro firmware 22.5.4.93. The issue is an insecure permissions configuration that leaves telnetd enabled by default at boot via /etc/init.d/eth.sh, allowing remote connection to the device shell over the network and potentially without authentication if default or w...
CVE-2025-52364
Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service telnetd by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device s shell over the network, potentially without authentication if...
Multiple vulnerabilities in multiple BROTHER products
Overview Multiple BROTHER products provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Exposure of sensitive system information to an unauthorized control sphere CWE-497 - CVE-2024-51977 Use of weak credentials CWE-1391 - CVE-2024-51978 Stack-based buffer overflow...
CVE-2025-46612
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console default credentials are weak and easily guessable...
CVE-2025-46612
The CVE-2025-46612 issue affects Airleader Master and Airleader Easy before version 6.36. The Panel Designer dashboard permits unrestricted file uploads via wizard/workspace.jsp, enabling remote command execution when an attacker logs into the administrator console (default credentials are weak) ...
CVE-2024-46280
PIX-LINK LV-WR22 RE3002-P1-01V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them...
CVE-2024-50699
TP-Link TL-WR845NUNV4201214, TL-WR845NUNV4200909 and TL-WR845NUNV4190219 were discovered to contain weak default credentials for the Administrator account...
CVE-2024-28066
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used a hardcoded root password...
CVE-2024-51051
AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account...
CVE-2023-0569
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10...
CVE-2023-25072
Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product...
CVE-2023-6951
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...
CVE-2019-14929
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management ...
CVE-2019-18666
An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested...
CVE-2019-19469
In Zmanda Management Console 3.3.9, ZMCAdminAdvanced?form=adminTasks=Apply= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials...
Tenda RX2 Pro Weak Credentials Vulnerability
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from a weak credentials vulnerability that stems from the use of weak credentials, which can be exploited by an attacker to authenticate to a telnet service by calculating the root password bas...
CVE-2025-47730
The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...
CVE-2025-46627
Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address...
CVE-2025-46627
Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address...
Tenda RX2 Pro 安全漏洞
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from a weak credentials vulnerability that stems from the use of weak credentials, which can be exploited by an attacker to authenticate to a telnet service by calculating the root password bas...