8143 matches found

CVE
added 2025/06/16 9:0 p.m. | 26 views

CVE-2025-6139

CVE-2025-6139 affects TOTOLINK T10, version 4.1.8cu.5207. A vulnerability in the file /etc/shadow.sample allows use of a hard-coded password due to trust-management weaknesses. Attack requires proximity (local network) with high complexity, and the vulnerability potentially impacts confidentialit...

3.9 CVSS | 4.2 AI score | 0.00107 EPSS
Exploits 1 | References 5 | Affected Software 1
Vulnrichment
added 2025/06/16 9:0 p.m. | 2 views

CVE-2025-6139 TOTOLINK T10 shadow.sample hard-coded password

A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network...

3.9 CVSS | 4.1 AI score | 0.00107 EPSS
Exploits 1 | References 5
CNNVD
added 2025/06/16 12:0 a.m. | 2 views

TOTOLINK T10 security vulnerability

TOTOLINK T10 is a wireless network system router from China's Gion Electronics TOTOLINK. The TOTOLINK T10 suffers from a trust management issue vulnerability that stems from the use of hard-coded passwords in the file /etc/shadow.sample. An attacker could exploit the vulnerability to cause...

3.9 CVSS | 4.7 AI score | 0.00107 EPSS
Exploits 1 | References 2
Snyk
added 2025/06/13 2:41 p.m. | 1 views

Use of Hard-coded Credentials

Overview: Affected versions of this package are vulnerable to Use of Hard-coded Credentials for the Service Account. An attacker could use the Service Account as a backdoor to the system using the leaked credentials. Remediation: Upgrade openc3 to version 6.0.2 or higher. References - GitHub Commit...

9.8 CVSS | 6.7 AI score | 0.00536 EPSS
Exploits 1 | References 2
CNNVD
added 2025/06/13 12:0 a.m. | 1 views

OpenC3 COSMOS security vulnerability

OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS versions prior to v6.0.2 that stems from the use of hard-coded credentials for service accounts...

9.8 CVSS | 6.5 AI score | 0.00536 EPSS
Exploits 1 | References 6
RedhatCVE
added 2025/06/12 9:20 p.m. | 6 views

CVE-2025-35940

The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints...

8.1 CVSS | 8.1 AI score | 0.00326 EPSS
Exploits 0 | References 1
NCSC
added 2025/06/12 11:8 a.m. | 6 views

Vulnerabilities fixed in Ivanti Workspace Control

Ivanti has fixed vulnerabilities in Ivanti Workspace Control, specifically for versions prior to 10.19.10.0. The vulnerabilities are in the hard-coded keys within Ivanti Workspace Control, specifically in versions prior to 10.19.10.0. These vulnerabilities allow local, authenticated attackers to...

8.8 CVSS | 7.4 AI score | 0.00305 EPSS
Exploits 0 | References 1
Cvelist
added 2025/06/10 8:27 p.m. | 14 views

CVE-2025-35940 Hard-coded ArchiverSpaApi JWT Signing Key

The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints...

8.1 CVSS | 0.00326 EPSS
Exploits 0 | References 1
CVE
added 2025/06/10 8:27 p.m. | 70 views

CVE-2025-35940

The CVE-2025-35940 entry concerns ArchiverSpaApi (ASP.NET) that uses a hard-coded JWT signing key. The information across sources indicates an unauthenticated attacker can generate a verifiable JWT token to access protected ArchiverSpaApi endpoints (e.g., /api/v1/login, /users/{id}). The Red Hat ...

8.1 CVSS | 8.1 AI score | 0.00326 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/06/10 8:27 p.m. | 5 views

CVE-2025-35940 Hard-coded ArchiverSpaApi JWT Signing Key

The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints...

8.1 CVSS | 7.3 AI score | 0.00326 EPSS
Exploits 0 | References 1
CNNVD
added 2025/06/10 12:0 a.m. | 2 views

Ivanti Workspace Control security vulnerability

Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control prior to version 10.19.0.0, which stems from a...

8.8 CVSS | 7 AI score | 0.00305 EPSS
Exploits 0 | References 2
CNNVD
added 2025/06/10 12:0 a.m. | 3 views

Ivanti Workspace Control security vulnerability

Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control versions prior to 10.19.10.0, which stems from a...

8.8 CVSS | 6.4 AI score | 0.00305 EPSS
Exploits 0 | References 2
CNNVD
added 2025/06/10 12:0 a.m. | 2 views

GFI Archiver trust management issue vulnerability

GFI Archiver is an e-mail archiving software from GFI, Inc. for protecting, storing and retrieving your electronic communications. GFI Archiver suffers from a trust management issue vulnerability that stems from hard-coding JWT signing keys, which could lead to unauthorized access...

8.1 CVSS | 6.6 AI score | 0.00326 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/06/09 12:0 a.m. | 5 views

PT-2025-25590 · Totolink · Totolink T10

Name of the Vulnerable Software and Affected Versions: TOTOLINK T10 version 4.1.8cu.5207
Description: A problematic issue has been found, affecting some unknown functionality of the file /etc/shadow.sample. This issue leads to the use of a hard-coded password. The attack can only be initiated...

4 CVSS | 4 AI score | 0.00107 EPSS
Exploits 1 | References 10
OSV
added 2025/06/06 4:15 p.m. | 2 views

CVE-2025-5751

WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this...

6.8 CVSS | 5.9 AI score | 0.00078 EPSS
Exploits 0 | References 1
NVD
added 2025/06/06 4:15 p.m. | 8 views

CVE-2025-5751

WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this...

6.8 CVSS | 0.00078 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/06/06 3:29 p.m. | 5 views

CVE-2025-5751 WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability

WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this...

4.6 CVSS | 5.1 AI score | 0.00078 EPSS
Exploits 0 | References 1
Cvelist
added 2025/06/06 3:29 p.m. | 11 views

CVE-2025-5751 WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability

WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this...

4.6 CVSS | 0.00078 EPSS
Exploits 0 | References 1
CVE
added 2025/06/06 3:29 p.m. | 53 views

CVE-2025-5751

The CVE-2025-5751 issue affects WOLFBOX Level 2 EV Charger and stems from the management card handling: lack of personalization enables authentication bypass. Physical access is required to exploit, with no user interaction needed. The vulnerability allows an attacker to bypass authentication on ...

6.8 CVSS | 6.9 AI score | 0.00078 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2025/06/06 8:12 a.m. | 5 views

CVE-2025-3321 Use of Hard-coded Credentials in OnlineSuite

A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server...

9.4 CVSS | 7.2 AI score | 0.001 EPSS
Exploits 0 | References 1