8175 matches found
CVE-2023-26462
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials usable for privilege escalation are stored in an insecure format. To read this stored data, the attacker needs access to the application server or its source code...
ThingsBoard Trust Management Issue Vulnerability
ThingsBoard is a Java-based platform for IoT devices for monitoring, management, and data collection from the ThingsBoard team. A security vulnerability exists in ThingsBoard version 3.4.1, which stems from hard-coded service credentials stored in an insecure format that can be exploited by an...
PT-2023-20655 · Unknown · Thingsboard
Name of the Vulnerable Software and Affected Versions: ThingsBoard version 3.4.1 Description: The issue allows a remote attacker to gain elevated privileges due to hard-coded service credentials being stored in an insecure format. To exploit this, an attacker would need access to the application...
ProLink PRS1841 Trust Management Issue Vulnerability
The ProLink PRS1841 is a router from ProLink Singapore. A security vulnerability exists in the Prolink PRS1841 that stems from the IT Telnet and FTP services containing hard-coded credentials...
WAGO Series 750-88x and 750-87x Use of Hard-Coded Credentials (CVE-2019-10712)
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. This plugin only works with Tenable.ot. Please visit...
SUSE CVE-2011-5064
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic...
CVE-2022-3089 EnOcean SmartServer Hard-coded credentials
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...
CVE-2023-0808
A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW315U54061.47/MW315U54061.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It i...
CVE-2023-0808 Deye/Revolt/Bosswerk Inverter Access Point Setting hard-coded password
A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW315U54061.47/MW315U54061.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It i...
CVE-2023-0808
CVE-2023-0808 affects Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471, specifically the Access Point Setting Handler. The vulnerability arises from hard-coded credentials introduced via input 12345678, enabling an attack on the physical device. Exploitation is described as diff...
NingBo Deye Inverter Technology Deye/Revolt/Bosswerk Inverter Trust Management Issue Vulnerability
NingBo Deye Inverter Technology Deye/Revolt/Bosswerk Inverter is a series of inverters from NingBo Deye Inverter Technology China. A trust management issue vulnerability exists in the NingBo Deye Inverter Technology Deye/Revolt/Bosswerk Inverter MW315U54061.47/MW315U54061.471 versions, which stem...
PT-2023-16538 · Unknown · Deye/Revolt/Bosswerk Inverter
Name of the Vulnerable Software and Affected Versions: Deye/Revolt/Bosswerk Inverter version MW3 15U 5406 1.47/MW3 15U 5406 1.471 Description: A vulnerability was found in the Access Point Setting Handler component. The manipulation with the input 12345678 leads to the use of a hard-coded passwor...
Key-Systems Global Facilities Management Software Trust Management Issue Vulnerability
Key-Systems Global Facilities Management Software Key-Systems GFMS is a global facilities management software from Key-Systems. A security vulnerability exists in Key Systems Management Global Facilities Management Software GFMS version 3 that stems from the use of hard-coded credentials, resulti...
EnOcean SmartServer
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low attack complexity Vendor: EnOcean Edge Inc, a subsidiary of EnOcean GmbH Equipment: SmartServer with i.LON Vision Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
TOTOLINK T8 Hardcoding Vulnerability
TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. The TOTOLINK T8 suffers from a hard-coded vulnerability that originates from /webcste/cgi-bin/product.ini storing the password for the telnet service. An attacker can exploit the...
CVE-2023-24155
TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service which is stored in the component /webcste/cgi-bin/product.ini...
CVE-2023-24147
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for the telnet service which is stored in the component /etc/config/product.ini...