8089 matches found

Positive Technologies
added 2025/12/09 12:0 a.m., 2 views

PT-2025-50265

Name of the Vulnerable Software and Affected Versions: Selea Targa IP OCR-ANPR Camera (affected versions not specified)
Description: The Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password that allows unauthorized configuration access. An attacker can exploit a hidden endpoint usi...

CVSS 9.3 | AI score 6.8 | EPSS 0.00106
Exploits: 1 | References: 8

EUVD
added 2025/12/06 12:31 p.m., 4 views

EUVD-2025-201542

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...

CVSS 8.8 | AI score 5.6 | EPSS 0.00038
Exploits: 0 | References: 5

NVD
added 2025/12/06 10:16 a.m., 2 views

CVE-2025-14126

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...

CVSS 8.8 | EPSS 0.00038
Exploits: 0 | References: 4

Cvelist
added 2025/12/06 10:2 a.m., 19 views

CVE-2025-14126 TOZED ZLT M30S/ZLT M30S PRO Web hard-coded credentials

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...

CVSS 8.8 | EPSS 0.00038
Exploits: 0 | References: 4

CVE
added 2025/12/06 10:2 a.m., 11 views

CVE-2025-14126

CVE-2025-14126 affects TOZED ZLT M30S and ZLT M30S PRO devices (versions 1.47 and 3.09.06) where a vulnerability exists in the Web Interface component that leads to hard-coded credentials being exposed. This requires local-network access and is supported by multiple sources in the Connected d...

CVSS 8.8 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 4

CNNVD
added 2025/12/06 12:0 a.m., 1 view

TOZED ZLT M30S and TOZED ZLT M30S PRO trust management issue vulnerability

The TOZED ZLT M30S and TOZED ZLT M30S PRO are both mobile WiFi routers from China's Tongze Kangwei TOZED. A trust management issue vulnerability exists in TOZED ZLT M30S and TOZED ZLT M30S PRO versions 1.47 and 3.09.06, which stems from a hard-coded credentials issue that could lead to a local...

CVSS 8.8 | AI score 8.5 | EPSS 0.00038
Exploits: 0 | References: 5

Positive Technologies
added 2025/12/06 12:0 a.m., 3 views

PT-2025-49359

Name of the Vulnerable Software and Affected Versions:
TOZED ZLT M30S versions 1.47 and 3.09.06
TOZED ZLT M30S PRO versions 1.47 and 3.09.06
Description: A security issue exists in TOZED ZLT M30S and ZLT M30S PRO devices. The issue involves hard-coded credentials within an unknown function of the W...

CVSS 8.8 | AI score 8.1 | EPSS 0.00038
Exploits: 0 | References: 12

RedhatCVE
added 2025/12/05 9:34 p.m., 3 views

CVE-2025-66237

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVSS 8.4 | AI score 7.5 | EPSS 0.00016
Exploits: 0 | References: 1

EUVD
added 2025/12/05 5:18 p.m., 3 views

EUVD-2025-201428

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...

CVSS 10 | AI score 7.3 | EPSS 0.00308
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/05 5:18 p.m., 2 views

CVE-2025-34256 Advantech WISE-DeviceOn Server < 5.4 Hard-coded JWT Key Authentication Bypass

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...

CVSS 10 | AI score 7.4 | EPSS 0.00308
Exploits: 0 | References: 4

Cvelist
added 2025/12/05 5:18 p.m., 17 views

CVE-2025-34256 Advantech WISE-DeviceOn Server < 5.4 Hard-coded JWT Key Authentication Bypass

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...

CVSS 10 | EPSS 0.00308
Exploits: 0 | References: 4

CVE
added 2025/12/05 5:18 p.m., 13 views

CVE-2025-34256

Advantech WISE-DeviceOn Server (prior to 5.4) uses a static HS512 HMAC secret to sign EIRMMToken JWTs, enabling forged tokens with a valid email claim. This allows remote, unauthenticated attackers to impersonate any DeviceOn account, including the root super admin, and obtain full administrative...

CVSS 10 | AI score 7.4 | EPSS 0.00308
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2025/12/05 12:0 a.m., 2 views

Advantech WISE-DeviceOn Server security vulnerability

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a hard-coded encryption key vulnerability that can be exploited by an attacker to impersonate an arbitrary account...

CVSS 10 | AI score 6.7 | EPSS 0.00308
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/05 12:0 a.m., 3 views

PT-2025-49277

Name of the Vulnerable Software and Affected Versions: Advantech WISE-DeviceOn Server versions prior to 5.4
Description: The software uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. This allows a remote unauthenticated attacker to generate forged JWTs containin...

CVSS 10 | AI score 7.5 | EPSS 0.00308
Exploits: 0 | References: 11

CNNVD
added 2025/12/05 12:0 a.m., 1 view

goaway security vulnerability

goaway is DNS blackhole software by Hugo Personal Developer. A security vulnerability exists in goaway versions prior to 0.62.19; it stems from the use of a hard-coded key for signing JWT tokens and could lead to authentication bypass...

CVSS 8.8 | AI score 6.6 | EPSS 0.00394
Exploits: 1 | References: 10

RedHat Linux
added 2025/12/04 11:12 p.m., 0 views

expat: Integer overflow in copyString()

An integer overflow flaw was found in expat. This issue affects the encoding name parameter at parser creation time, which is often hard-coded rather than user input; triggering it takes a value in the gigabytes on a 64-bit machine. This flaw can cause a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.00508
Exploits: 0 | References: 5

NVD
added 2025/12/04 9:16 p.m., 4 views

CVE-2025-66237

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVSS 8.4 | EPSS 0.00016
Exploits: 0 | References: 2

EUVD
added 2025/12/04 9:2 p.m., 3 views

EUVD-2025-201280

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVSS 8.4 | AI score 7 | EPSS 0.00016
Exploits: 0 | References: 3

ATTACKERKB
added 2025/12/04 9:2 p.m., 2 views

CVE-2025-66237

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVSS 8.4 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 3

CVE
added 2025/12/04 9:2 p.m., 10 views

CVE-2025-66237

CVE-2025-66237 affects Sunbird DCIM dcTrack and related platforms, where default and hard-coded credentials enable an authenticated attacker to administer the database, escalate privileges on the platform, or execute system commands on the host. Multiple sources confirm the existence of hard-code...

CVSS 8.4 | AI score 7.1 | EPSS 0.00016
Exploits: 0 | References: 2