Lucene search
+L

334 matches found

cve
cve
added 2025/07/09 12:0 a.m.29 views

CVE-2025-52364

CVE-2025-52364 affects Tenda CP3 Pro firmware 22.5.4.93. The issue is an insecure permissions configuration that leaves telnetd enabled by default at boot via /etc/init.d/eth.sh, allowing remote connection to the device shell over the network and potentially without authentication if default or w...

7.5CVSS7.5AI score0.00507EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2025/07/09 12:0 a.m.14 views

CVE-2025-52364

Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service telnetd by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device s shell over the network, potentially without authentication if...

0.00507EPSS
Exploits1References2
jvn
jvn
added 2025/06/26 9:15 a.m.5 views

Multiple vulnerabilities in multiple BROTHER products

Overview Multiple BROTHER products provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Exposure of sensitive system information to an unauthorized control sphere CWE-497 - CVE-2024-51977 Use of weak credentials CWE-1391 - CVE-2024-51978 Stack-based buffer overflow...

9.8CVSS7.6AI score0.77472EPSS
Exploits0References25
redhatcve
redhatcve
added 2025/06/12 12:18 a.m.8 views

CVE-2025-46612

The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console default credentials are weak and easily guessable...

7.2CVSS7.3AI score0.00633EPSS
Exploits1References1
cve
cve
added 2025/06/10 12:0 a.m.48 views

CVE-2025-46612

The CVE-2025-46612 issue affects Airleader Master and Airleader Easy before version 6.36. The Panel Designer dashboard permits unrestricted file uploads via wizard/workspace.jsp, enabling remote command execution when an attacker logs into the administrator console (default credentials are weak) ...

7.2CVSS7.8AI score0.00633EPSS
Exploits1References1Affected Software1
redhatcve
redhatcve
added 2025/05/23 10:37 a.m.5 views

CVE-2024-46280

PIX-LINK LV-WR22 RE3002-P1-01V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them...

8.8CVSS6.9AI score0.00298EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 8:33 a.m.9 views

CVE-2024-50699

TP-Link TL-WR845NUNV4201214, TL-WR845NUNV4200909 and TL-WR845NUNV4190219 were discovered to contain weak default credentials for the Administrator account...

8CVSS7.5AI score0.00408EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 7:45 a.m.8 views

CVE-2024-28066

In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used a hardcoded root password...

8.8CVSS7.1AI score0.00451EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 6:37 a.m.10 views

CVE-2024-51051

AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account...

9.8CVSS7.4AI score0.00452EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:55 a.m.5 views

CVE-2023-0569

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10...

8.1CVSS7.2AI score0.007EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:14 a.m.13 views

CVE-2023-25072

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product...

7.5CVSS7.4AI score0.00831EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:5 a.m.11 views

CVE-2023-6951

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...

6.6CVSS7AI score0.00288EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:22 a.m.13 views

CVE-2019-14929

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management ...

9.8CVSS7.4AI score0.01936EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 8:36 a.m.8 views

CVE-2019-18666

An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested...

10CVSS7.5AI score0.0319EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 4:54 a.m.8 views

CVE-2019-19469

In Zmanda Management Console 3.3.9, ZMCAdminAdvanced?form=adminTasks=Apply= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials...

8.8CVSS7.5AI score0.00604EPSS
Exploits0References1
cnvd
cnvd
added 2025/05/14 12:0 a.m.2 views

Tenda RX2 Pro Weak Credentials Vulnerability

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from a weak credentials vulnerability that stems from the use of weak credentials, which can be exploited by an attacker to authenticate to a telnet service by calculating the root password bas...

8.2CVSS7.2AI score0.00357EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/05/08 12:0 a.m.8 views

CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...

4.8CVSS5.4AI score0.00337EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/05/03 1:38 a.m.22 views

CVE-2025-46627

Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address...

8.2CVSS7.6AI score0.00357EPSS
Exploits1References1
nvd
nvd
added 2025/05/01 8:15 p.m.13 views

CVE-2025-46627

Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address...

8.2CVSS0.00357EPSS
Exploits1References2
cnnvd
cnnvd
added 2025/05/01 12:0 a.m.4 views

Tenda RX2 Pro 安全漏洞

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from a weak credentials vulnerability that stems from the use of weak credentials, which can be exploited by an attacker to authenticate to a telnet service by calculating the root password bas...

8.2CVSS7.1AI score0.00357EPSS
Exploits1References2
Rows per page
Query Builder