PT-2023-7056 · Technicolor · Technicolor Tg670

Name of the Vulnerable Software and Affected Versions: Technicolor TG670 version 10.5.N.9 Description: The issue concerns the presence of multiple accounts with hard-coded passwords in the Technicolor TG670 device. One of these accounts has administrative privileges, which can allow for...

Hard-coded credentials in Technicolor TG670 DSL gateway router

Overview The Technicolor TG670 DSL Gateway Router includes a hard-coded service account that allows for authentication over services on the WAN interface, using HTTP, SSH, or TELNET. The authenticated user can use it to gain full administrative control of the router. Description A hard-coded...

CVE-2023-37287

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

CVE-2023-37286

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service...

Design/Logic Flaw

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service...

CVE-2023-37287

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

CVE-2023-37286

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service...

CVE-2023-37286 SmartBPM.NET - Use of Hard-Coded Credentials - 1

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service...

CVE-2023-37287 SmartBPM.NET - Use of Hard-Coded Credentials - 2

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

SmartSoft SmartBPM.NET 信任管理问题漏洞

SmartSoft SmartBPM.NET is an enterprise process management platform from China-based SmartSoft Technologies SmartSoft. A trust management issue vulnerability exists in SmartSoft SmartBPM.NET that stems from the use of hard-coded authentication keys...

CVE-2023-37287

SmartBPM.NET (SmartBPM.NET) is affected by CVE-2023-37287 due to the use of a hard-coded authentication key. The vulnerability allows an unauthenticated remote attacker to access the system with regular user privileges, enabling reading of application data and execution of submission and approval...

CVE-2023-37287 SmartBPM.NET - Use of Hard-Coded Credentials - 2

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

PT-2023-25884

Name of the Vulnerable Software and Affected Versions SmartBPM.NET affected versions not specified Description The issue is related to the use of a hard-coded authentication key. An unauthenticated remote attacker can exploit this to access the system with regular user privilege, allowing them to...

PT-2023-25883 · Smartisoft · Smartbpm.Net

Name of the Vulnerable Software and Affected Versions: SmartSoft SmartBPM.NET affected versions not specified Description: The issue is related to the use of a hard-coded machine key in SmartSoft SmartBPM.NET. This allows an unauthenticated remote attacker to send a serialized payload to the...

SmartSoft SmartBPM.NET 信任管理问题漏洞

SmartSoft SmartBPM.NET is an enterprise process management platform from China-based SmartSoft. A vulnerability in SmartSoft SmartBPM.NET exists due to a trust management issue that arises from the use of hard-coded machine keys...

CVE-2023-37286 SmartBPM.NET - Use of Hard-Coded Credentials - 1

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service...

CVE-2023-35987

PiiGAB M-Bus contains hard-coded credentials which it uses for authentication...

Hardcoded credentials

PiiGAB M-Bus contains hard-coded credentials which it uses for authentication...

CVE-2023-35987

CVE-2023-35987 concerns hard-coded credentials in PiiGAB M-Bus authentication. The vulnerability affects the M-Bus SoftwarePack 900S product family and is described in multiple sources (ICS/CISA advisory and CVE records). Root cause: hard-coded credentials used for authentication, enabling remote...

CVE-2023-35987 PiiGAB M-Bus Use of Hard-coded Credentials

PiiGAB M-Bus contains hard-coded credentials which it uses for authentication...