233 matches found
Wireshark安全漏洞
Wireshark is a network packet analyzer. Wireshark is a network packet analyzer that captures network packets and displays the most detailed packet information possible.Wireshark uses WinPCAP as an interface to exchange data packets directly with the network card. An infinite loop vulnerability...
Advantech BB-ESWGP506-2SFP-T Use of Hard-coded Credentials Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech BB-ESWGP506-2SFP-T industrial switches. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service, which listens on TCP port 23 by...
Advantech BB-ESWGP506-2SFP-T Hardcoded Vulnerability
The Advantech BB-ESWGP506-2SFP-T is an application from CHAAdvantech that provides an intelligent electric bus management system. A hard-coded vulnerability in the Advantech BB-ESWGP506-2SFP-T allows remote attackers to exploit the vulnerability to submit a special request, gain unauthorized acce...
CVE-2021-22667
BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T versions 1.01.01 and prior...
CVE-2021-22667
BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T versions 1.01.01 and prior...
Hardcoded credentials
BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T versions 1.01.01 and prior...
CVE-2021-22667
BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T versions 1.01.01 and prior...
CVE-2021-22667
CVE-2021-22667 affects Advantech BB-ESWGP506-2SFP-T industrial switches (versions 1.01.09 and prior). The root cause is hard-coded credentials in the device, enabling unauthorized access and arbitrary code execution. ZDI specifies exploitation via the telnet service (port 23) with a hard-coded ad...
Advantech BB-ESWGP506-2SFP-T
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: BB-ESWGP506-2SFP-T Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized...
The vulnerability of the web interface of the microprogramming software for the Advantech BB-ERT351 network router allows a hacker to disclose passwords of network services.
The vulnerability of the web interface of the Advantech BB-ERT351 network router lies in the absence of a mechanism for masking passwords when they are displayed in the web interface. Exploiting this vulnerability can allow an attacker to disclose passwords from network services such as PPTP and...
The vulnerability of the microprogrammed network router Advantech BB-ERT351, related to the use of a unreliable cryptographic algorithm, allows a hacker to retrieve the administrator password from the hash.
The vulnerability of the microprogrammed network router Advantech BB-ERT351 is related to the use of a unreliable cryptographic algorithm for hashing passwords. Exploiting this vulnerability could allow an attacker, operating remotely, to retrieve the administrator’s password from the hash...
The vulnerability of the microprogrammed network router Advantech BB-ERT351, related to authentication errors, allows a hacker to obtain the administrator’s password.
The vulnerability of the microprogrammed network router Advantech BB-ERT351 is related to the lack of restrictions on the number of authentication attempts. Exploiting this vulnerability allows a malicious actor to brute-force the administrator password remotely...
The vulnerability of the microprogrammed network router Advantech BB-ERT351, related to insufficient protection of the website structure, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the microprogrammed network router Advantech BB-ERT351 is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using specially crafted URLs...
The vulnerability of the microprogrammed network router Advantech BB-ERT351, related to the default use of the HTTP protocol, allows a hacker to intercept administrator credentials and other confidential information.
The vulnerability of the microprogrammed network router Advantech BB-ERT351 is related to the default use of the HTTP protocol during the implementation of the “Basic HTTP Authentication” method. Exploiting this vulnerability allows a malicious actor to intercept administrator credentials and oth...
CVE-2021-27167
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init3bbpassword in libciadaptationlayer.so...
bb-q.ru Cross Site Scripting vulnerability OBB-1457993
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
bb-lugano.ch Cross Site Scripting vulnerability OBB-1366441
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
bb-lugano.ch Cross Site Scripting vulnerability OBB-1359616
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Malicious Package in bb-builder
All versions of bb-builder contained malicious code. The package ran an executable targeting Windows and uploaded information to a remote server. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...
GHSA-VM6V-W6Q2-MRRQ Malicious Package in bb-builder
All versions of bb-builder contained malicious code. The package ran an executable targeting Windows and uploaded information to a remote server. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...