8149 matches found
Netis Netcore Router Security Vulnerability
The Netis Netcore Router is a series of routers from Netis. The Netis Netcore Router has a security vulnerability that stems from the use of hard-coded passwords...
Use of Hard-coded Credentials
KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...
Hitachi FOXMAN-UN Trust Management Issue Vulnerability
Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Japan. A security vulnerability exists in Hitachi FOXMAN-UN, which stems from the fact that its message queue contains hard-coded credentials that allow an attacker to access data from the internal message queue...
Hitachi Energy UNEM
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: UNEM Vulnerabilities: Inadequate Encryption Strength, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information. 2. RISK EVALUATION Successful...
Hitachi Energy FOXMAN-UN
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN Vulnerabilities: Inadequate Encryption Strength, Use of Default Cryptographic Key, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive...
CVE-2023-22463 KubePi's Hardcoded Jwtsigkeys allows malicious actor to login with a forged JWT token
KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...
PT-2023-18515 · Kubepi · Kubepi
Name of the Vulnerable Software and Affected Versions: KubePi versions prior to 1.6.3 Description: The jwt authentication function of KubePi uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the...
CVE-2022-47618
Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service...
CVE-2022-47618 Merit Lilin Ent. Co., Ltd. AH55B04 & AH55B08 DVR - Hard-coded Credentials
Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service...
CVE-2022-47618
CVE-2022-47618 concerns hard-coded administrator credentials in Merit LILIN AH55B04 and AH55B08 DVRs. An unauthenticated remote attacker can use these credentials to log in to the administrator page and manipulate the system or disrupt service. This entry is supported by multiple sources; however...
PT-2023-15439 · Meritlilin · Merit Lilin Ah55B08 +1
Name of the Vulnerable Software and Affected Versions: Merit LILIN AH55B04 & AH55B08 DVR firm affected versions not specified Description: The issue concerns hard-coded administrator credentials in the DVR firm. An unauthenticated remote attacker can use these credentials to log in to the...
SolarWinds Web Help Desk <= 12.7.6 Arbitrary Code Execution
The version of SolarWinds Web Help Desk installed on the remote host is prior to or equal to 12.7.6. It is, therefore, affected by an arbitrary code execution vulnerability. Through hard coded credentials, an attacker with local access to the Web Help Desk host machine allows to execute arbitrary...
JwtSigKey hardcoded causes the k8s cluster to take over
Description The jwt authentication function of kubepi = v1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Further use the administrator to...
CVE-2014-125030
A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The patch is identified as 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a pat...
CVE-2014-125030 taoeffect Empress hard-coded password
A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The patch is identified as 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a pat...
CVE-2014-125030
CVE-2014-125030 affects taoeffect Empress. The vulnerability is due to hard-coded credentials in an unknown functionality, classified as critical. A patch is identified as 557e177d8a309d6f0f26de46efb38d43e000852d and is recommended to fix the issue. Connected documents corroborate hard-coded pass...
PT-2023-10100 · Unknown · Taoeffect Empress
Name of the Vulnerable Software and Affected Versions: taoeffect Empress affected versions not specified Description: A critical issue has been found in taoeffect Empress, affecting some unknown functionality. The manipulation leads to the use of a hard-coded password. Recommendations: To fix thi...