8175 matches found
CVE-2024-46328
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root...
Vonets VAP11G-300 Security Vulnerability
Vonets VAP11G-300 is a multi-functional wireless bridge and repeater device from China Houtian Vonets. It is based on the IEEE 802.11n standard and has a wireless rate of up to 300Mbps. A security vulnerability exists in the Vonets VAP11G-300 version 3.3.23.6.9, which originates from hard-coded...
ABB Cylon Aspect 3.07.01 Hard-Coded Credentials
ABB Cylon Aspect 3.07.01 config.inc.php Hard-coded Credentials in phpMyAdmin Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.01 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.07.01 (config.inc.php) Hard-coded Credentials in phpMyAdmin
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller is operating with default and hard-coded...
IceCMS Security Vulnerability
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation. An authentication bypass vulnerability exists in IceCMS v3.4.7 and earlier versions, which stems from the inclusion of hard-coded JWT keys that can be exploited by an attacker to forge JWT...
CVE-2024-43423 Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Use of Hard-coded Password
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed...
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dover Fueling Solutions DFS Equipment: ProGauge MAGLINK LX CONSOLE Vulnerabilities: Command Injection, Improper Privilege Management, Use of Hard-coded Password, Cross-site Scripting,...
CVE-2024-39342
Entrust Instant Financial Issuance formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library i.e. DCG.Security.dll with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...
Use Of Hard-coded Cryptographic Key
Dragonfly is vulnerable to Use of Hard-coded Cryptographic Key. The vulnerability is due to the use of a hardcoded secret key for JWT verification, allowing attackers to bypass authentication and perform actions with admin privileges. The issue is addressed in version 2.0.9, and users are advised...
Unspecified vulnerability in DIR-X4860 of AUO Electronic Equipment (Shanghai) Co., Ltd (CNVD-2024-39256)
The DIR-X4860 is a wireless router from China's AUO D-Link. A security vulnerability exists in the DIR-X4860 of AUO Electronic Devices Shanghai Co. An unauthorized remote attacker could exploit the vulnerability and be able to log in and execute operating system commands using hard-coded...
CVE-2024-45861
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information...
CVE-2024-45861 Use of Hard-coded Credentials in Kastle Systems Access Control System
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information...
CVE-2024-45861
The CVE-2024-45861 vulnerability affects Kastle Systems Access Control System firmware prior to May 1, 2024. The issue is use of hard-coded credentials in the firmware (CVE-2024-45861) which, if accessed, could allow an attacker to obtain sensitive information. The CISA ICS advisory confirms remo...
Dragonfly2 has hard coded cryptographic key
Summary Hello dragonfly maintainer team, I would like to report a security issue concerning your JWT feature. Details Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to authentication bypass go authMiddleware, err :=...
Kastle Systems Access Control System
1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kastle Systems Equipment: Access Control System Vulnerabilities: Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of...
Dragonfly Security Vulnerability
Dragonfly is a framework that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly prior to version 2.0.9 that stems from Dragonfly's use of hard-coded JWT to authenticate users, which could lead to authentication bypass...