PT-2024-31817 · Kastle Systems · Kastle Systems Firmware

Name of the Vulnerable Software and Affected Versions: Kastle Systems firmware prior to May 1, 2024 Description: The issue concerns a hard-coded credential in the firmware, which, if accessed, may allow an attacker to access sensitive information. Recommendations: For Kastle Systems firmware prio...

Kastle Access Control System 信任管理问题漏洞

The Kastle Access Control System is an access control system from Kastle Corporation in the United States. A trust management issue vulnerability exists in Kastle Access Control System versions prior to 20240501, which stems from the presence of hard-coded credentials, access to which could allow...

Victure PC420 安全漏洞

Victure PC420 is a web-based smart camera from Victure. A security vulnerability exists in the Victure PC420 version 1.1.39 that stems from the use of a hard-coded key to encrypt data...

SolarWinds ARM 2024.3.1 Multiple Vulnerabilities (2024-3-1)

The version of SolarWinds ARM installed on the remote host is prior to 2024.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-3-1 advisory. - SolarWinds Access Rights Manager ARM was found to contain a hard-coded credential authentication bypass vulnerability. ...

Victure PC420 安全漏洞

Victure PC420 is a web-based smart camera from Victure. A security vulnerability exists in the Victure PC420 version 1.1.39, which stems from the presence of a hard-coded root password stored in plaintext...

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds has released fixes to address two security flaws in its Access Rights Manager ARM software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It...

CVE-2024-45698

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device...

CVE-2024-45697

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials...

CVE-2024-45696

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the...

CVE-2024-45697

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials...

CVE-2024-45698 D-Link WiFi router - OS Command Injection

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device...

CVE-2024-45698 D-Link WiFi router - OS Command Injection

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device...

CVE-2024-45697 D-Link WiFi router - Hidden Functionality

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials...

CVE-2024-45697

CVE-2024-45697 affects certain D-Link wireless routers (DIR-X4860, DIR-X5460, COVR-X1870). The issue is a hidden/telnet functionality where telnet is enabled when the WAN port is plugged in, allowing an unauthenticated remote attacker to log in and execute OS commands using hard-coded credentials...

CVE-2024-45697 D-Link WiFi router - Hidden Functionality

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials...

CVE-2024-45696

CVE-2024-45696 affects certain D‑Link wireless routers. According to the sources, a hidden functionality can be triggered by sending crafted packets to the device’s web service, forcibly enabling the telnet service and allowing login with hard‑coded credentials. The telnet access is restricted to...

CVE-2024-45696 D-Link WiFi router - Hidden Functionality

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the...

CVE-2024-45696 D-Link WiFi router - Hidden Functionality

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the...

D-Link DIR-X4860 安全漏洞

The D-Link DIR-X4860 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-X4860 that stems from the use of hard-coded credentials, which allows an attacker to force the telnet service to be enabled and log in using hard-coded credentials...

D-Link DIR-X4860 安全漏洞

The DIR-X4860 is a wireless router from China's AUO D-Link. A security vulnerability exists in the DIR-X4860 of AUO Electronic Devices Shanghai Co. An unauthorized remote attacker could exploit the vulnerability and be able to log in and execute operating system commands using hard-coded...