8149 matches found
Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora
This repository is an open-source project called "Attack-Defense ThinkTank" openKylin, which is a community-driven platform for sharing knowledge and research on attack and defense techniques. The project is hosted on Gitee, a Chinese version of GitHub. The repository contains various articles an...
CVE-2022-34840
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier,...
CVE-2022-34840
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier,...
Hardcoded credentials
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier,...
CVE-2022-34840
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier,...
PT-2022-22390 · Buffalo · Wzr-450Hp-Cwt +8
Name of the Vulnerable Software and Affected Versions: WZR-300HP firmware Ver. 2.00 and earlier; WZR-450HP firmware Ver. 2.00 and earlier; WZR-600DHP firmware Ver. 2.00 and earlier; WZR-900DHP firmware Ver. 1.15 and earlier; HW-450HP-ZWE firmware Ver. 2.00 and earlier; WZR-450HP-CWT firmware Ver. 2.00...
CVE-2022-34840
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier,...
CVE-2022-34840
CVE-2022-34840 concerns a hard-coded credentials vulnerability in Buffalo network devices. The affected models include WZR-300HP, WZR-450HP, WZR-600DHP, WZR-900DHP, HW-450HP-ZWE, WZR-450HP-CWT, WZR-450HP-UB, WZR-600DHP2, and WZR-D1100H, with firmware versions as listed (older than specified updat...
Mitsubishi Electric FA Engineering Software (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GX Works3, MX OPC UA Module Configurator-R Vulnerabilities: Cleartext Storage of Sensitive Information, Use of Hard-coded Password, Insufficiently Protected Credentials,...
CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users ...
Horner Automation Remote Compact Controller
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Horner Automation Equipment: Remote Compact Controller RCC 972 Vulnerabilities: Inadequate Encryption Strength, Use of Hard-coded Cryptographic Key, Excessive Reliance on Global Variables 2. RISK...
Sanitization Management System Trust Management Issue Vulnerability
Sanitization Management System is a sanitization management system by Carlo Montero Personal Developer. A security vulnerability exists in Sanitization Management System v1.0, which stems from its use of hard-coded credentials that allow an attacker to elevate privileges and access the...
Realtek RTL8111EP-CG and RTL8168FP-CG Trust Management Issue Vulnerability
The Realtek RTL8111EP-CG and Realtek RTL8168FP-CG are both Ethernet controllers. A trust management issue vulnerability exists in Realtek RTL8111EP-CG, RTL8111FP-CG Firmware versions prior to 3.0.0.2019090, which stems from the Dash feature having a hard-coded password that can be exploited by an...
Book Store Management System Trust Management Issue Vulnerability
Book Store Management System is an online bookstore system by Carlo Montero, an individual developer. A security vulnerability exists in Book Store Management System v1.0, which stems from its use of hard-coded credentials that allow an attacker to elevate privileges and access the administration...
CVE-2022-32967
The RTL8111EP-CG/RTL8111FP-CG DASH function has a hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during a system reboot triggered by another user to acquire partial system information such as serial number and server information...
CVE-2022-32967
Realtek RTL8111EP-CG/RTL8111FP-CG DASH function contains a hard-coded password. An unauthenticated physical attacker can exploit this during a reboot triggered by another user to access partial system information (e.g., serial number, server information). Affected firmware versions are prior to 3...
CVE-2022-32967 Realtek RTL8111EP-CG/RTL8111FP-CG - Use of Hard-coded Credentials
The RTL8111EP-CG/RTL8111FP-CG DASH function has a hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during a system reboot triggered by another user to acquire partial system information such as serial number and server information...
CVE-2022-32967 Realtek RTL8111EP-CG/RTL8111FP-CG - Use of Hard-coded Credentials
The RTL8111EP-CG/RTL8111FP-CG DASH function has a hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during a system reboot triggered by another user to acquire partial system information such as serial number and server information...
PT-2022-21615 · Realtek · Rtl8111Ep-Cg
Name of the Vulnerable Software and Affected Versions: RTL8111EP-CG/RTL8111FP-CG (affected versions not specified). Description: The DASH function in RTL8111EP-CG/RTL8111FP-CG has a hard-coded password. An unauthenticated physical attacker can use this default password during system reboot to acquir...
Realtek RTL8111FP-CG and RTL8168FP-CG Trust Management Issue Vulnerability
The Realtek RTL8111EP-CG and Realtek RTL8168FP-CG are both Ethernet controllers. A trust management issue vulnerability exists in Realtek RTL8111EP-CG, RTL8111FP-CG Firmware versions prior to 3.0.0.2019090, which stems from the Dash feature having a hard-coded password that can be exploited by an...