Authentication Bypass
farmhaystack is vulnerable to Authentication Bypass. The vulnerability exists in docker-compose.yml due to the use of hard-coded, security-relevant constants which allows an attacker to make changes in the annotation process...
IoT garage door exploit allows for remote opening attack
A popular and reasonably cheap garage door controller is making waves in the news, and not in a good way. Ars Technica reports that the $80 devices created by Nexx are suffering from a number of security issues which could compromise the safety of your home. A Medium post by researcher Sam Sabeta...
CVE-2023-1748
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server MQTT server and the ability to remotely control garage door...
Hardcoded credentials
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server MQTT server and the ability to remotely control garage door...
CVE-2023-1748
CVE-2023-1748 affects Nexx Smart Home devices (Nexx Garage Door Controller NXG-100B/NXG-200, Nexx Smart Plug NXPG-100W, Nexx Smart Alarm NXAL-100). The root cause is use of hard-coded credentials, enabling an unauthenticated attacker with access to the Nexx Home mobile app or affected firmware to...
Trust management issue vulnerability in multiple Nexx products
Nexx Garage Door Controller and others are products of Nexx Corporation. Nexx Garage Door Controller is a garage door controller. Nexx Smart Plug is a smart plug. Nexx Smart Alarm is a smart alarm. A security vulnerability exists in the Nexx Smart Home Device that stems from the use of hard-coded...
PT-2023-2619 · Nexx · Nexx Smart Alarm +2
Name of the Vulnerable Software and Affected Versions: Nexx Garage Door Controller versions NXG-100B, NXG-200; Nexx Smart Plug version NXPG-100W; Nexx Smart Alarm version NXAL-100. Description: The issue is related to the use of hard-coded credentials in the firmware of Nexx Smart Home devices. This...
Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210
Overview: SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor (CWE-200) - CVE-2016-2183; Command injection (CWE-77) - CVE-2022-36556; Unrestricted upload of file with...
Use of hard-coded, security-relevant constants in deepset-ai/haystack
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1...
CVE-2023-1712 Use of Hard-coded, Security-relevant Constants in deepset-ai/haystack
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30...
PT-2023-17189 · Deepset Ai · Haystack
Name of the Vulnerable Software and Affected Versions: deepset-ai/haystack versions prior to 0.1.30; deepset-ai/haystack version 1.15.0 and prior. Description: The issue is related to the use of hard-coded, security-relevant constants in the GitHub repository deepset-ai/haystack. A patch is availab...
haystack security vulnerability
haystack is an open source NLP framework for interacting with your data using Transformer models and LLMs (GPT-4, ChatGPT, etc.). A security vulnerability exists in haystack versions prior to 0.1.30 that stems from the use of hard-coded constants...
Akuvox E11
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Akuvox. Equipment: E11. Vulnerabilities: Generation of Predictable IV with CBC, Use of Hard-coded Cryptographic Key, Missing Authentication for Critical Function, Storing Passwords in a Recoverable...
Schneider Electric Wiser Smart Use of Hard-coded Credentials (CVE-2022-30234)
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior. This plugin only works with Tenable.ot. Please visit...
ABB PB610 Panel Builder 600 Use of Hard-Coded Credentials (CVE-2019-7225)
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool Panel Builder 600 to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...
Osprey Pump Controller trust management issue vulnerability
Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01 that stems from the use of hard-coded passwords, which can be exploited by an attacker to gain full access to the web management interface configuration...
CVE-2022-22512
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network...