CVE-2025-52376

An authentication bypass vulnerability in the /web/umopentelnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing security controls. The Telnet server is then accessible wi...

ProTNS ActADUR 安全漏洞

ProTNS ActADUR is a local server product from ProTNS Korea. A security vulnerability exists in ProTNS ActADUR versions prior to 2.0.1.9 through 2.0.2.0 that stems from command injection, hard-coded credentials, improper authentication, and binding to an unrestricted IP address, which could lead t...

CVE-2025-7577

A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been classified as problematic. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The complexity of an attack is rather...

CVE-2025-7577

CVE-2025-7577 affects Teledyne FLIR FB-Series O and FLIR FH-Series ID, version 1.3.2.16. The root cause is a hard-coded password that enables a remote attack. Documented impact indicates potential exposure of credentials and partial confidentiality impact, with attack vector over the network and ...

CVE-2025-7577 Teledyne FLIR FB-Series O/FLIR FH-Series ID hard-coded password

A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been classified as problematic. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The complexity of an attack is rather...

CVE-2025-7577 Teledyne FLIR FB-Series O/FLIR FH-Series ID hard-coded password

A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been classified as problematic. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The complexity of an attack is rather...

CVE-2025-7564

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...

CVE-2025-7564

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...

CVE-2025-7564 LB-LINK BL-AC3600 shadow hard-coded credentials

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...

CVE-2025-7564

CVE-2025-7564 affects LB-LINK BL-AC3600 (firmware 1.0.22). The issue is a local-access vulnerability impacting an unknown function in /etc/shadow, where input manipulation of root:blinkadmin leads to hard-coded credentials exposure. Exploitation is locally feasible with the vulnerability describe...

CVE-2025-7564 LB-LINK BL-AC3600 shadow hard-coded credentials

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...

Tenda CP3 Pro 安全漏洞

Tenda CP3 Pro is a smart wireless PTZ camera that combines 360° panoramic surveillance, 3MP HD camera, and Wi-Fi 6 network technology, and supports human/pet detection, cry detection, and one-button calling. Tenda CP3 Pro suffers from a security vulnerability that originates from the presence of ...

Teledyne FLIR FB-Series O和Teledyne FLIR FH-Series ID 安全漏洞

The Teledyne FLIR FB-Series O and Teledyne FLIR FH-Series ID are both a series of thermal imaging cameras from Teledyne FLIR USA. A security vulnerability exists in Teledyne FLIR FB-Series O and Teledyne FLIR FH-Series ID version 1.3.2.16, which stems from the use of hard-coded passwords...

LB-LINK BL-AC3600 安全漏洞

LB-LINK BL-AC3600 is a dual-band Gigabit wireless router from China Bilink LB-LINK that supports 2.4GHz and 5GHz bands for home and small office networks. A security vulnerability exists in LB-LINK BL-AC3600 version 1.0.22, which originates from hard-coded credentials in the file /etc/shadow...

PT-2025-29427 · Teledyne · Teledyne Flir Fb-Series O +1

Name of the Vulnerable Software and Affected Versions: Teledyne FLIR FB-Series O and FLIR FH-Series ID version 1.3.2.16 Description: A problematic issue exists due to the use of a hard-coded password. The attack can be initiated remotely and has a rather high complexity, with exploitation...

CVE-2025-7453

A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use of hard-coded...

CVE-2025-5023

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product measurement unit and display unit to...

Ivanti Desktop and Server Management 安全漏洞

Ivanti Desktop and Server Management Ivanti DSM is a multi-platform, unified endpoint management solution from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Desktop and Server Management versions prior to 2024.2, which stems from a hard-coded key that could allow an...

Use of Hard-coded Password

Overview Affected versions of this package are vulnerable to Use of Hard-coded Password via the NewToken function. An attacker can gain unauthorized access to sensitive information by exploiting the use of a hard-coded password in the JSON Web Token handling process. Remediation There is no fixed...

CVE-2025-7453

A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use of hard-coded...