8149 matches found

Positive Technologies
added 2022/09/01 12:00 a.m. · 2 views

PT-2022-23542 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus version 3.6.2
Description: A hard-coded JWT key was found in the project config file of Novel-Plus, allowing attackers to create a custom user session.
Recommendations: For Novel-Plus version 3.6.2, consider removing the hard-coded...

CVSS 9.8 · AI score 7.1 · EPSS 0.00296
Exploits: 1 · References: 3

CNNVD
added 2022/09/01 12:00 a.m. · 2 views

novel-plus Trust Management Issue Vulnerability

novel-plus (小说精品屋-plus) is a full-featured original-literature CMS with multi-terminal (PC, WAP) reading support. A security vulnerability exists in novel-plus version v3.6.2, which stems from a hard-coded JWT key in the project configuration file and allows an attacker to creat...

CVSS 9.8 · AI score 7.2 · EPSS 0.00296
Exploits: 1 · References: 2

NVD
added 2022/08/31 4:15 p.m. · 10 views

CVE-2022-30318

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...

CVSS 9.8 · EPSS 0.03393
Exploits: 0 · References: 2

Prion
added 2022/08/31 4:15 p.m. · 12 views

Hardcoded credentials

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...

CVSS 7.5 · AI score 9.6 · EPSS 0.03393
Exploits: 0 · References: 2 · Affected Software: 2

CVE
added 2022/08/31 3:39 p.m. · 77 views

CVE-2022-30318

CVE-2022-30318 affects Honeywell ControlEdge (PLC/RTU) through R151.1, where the SSH service on port 22 uses root credentials that are hardcoded and not automatically changed at first commissioning. This creates a vulnerability to remote code execution, configuration manipulation, and denial of s...

CVSS 9.8 · AI score 9.5 · EPSS 0.03393
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2022/08/31 3:39 p.m. · 15 views

CVE-2022-30318

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...

AI score 9.8 · EPSS 0.03393
Exploits: 0 · References: 2

OSV
added 2022/08/30 5:15 a.m. · 2 views

CVE-2022-38116

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...

CVSS 9.8 · AI score 5.8 · EPSS 0.00935
Exploits: 0 · References: 1

Prion
added 2022/08/30 5:15 a.m. · 14 views

Hardcoded credentials

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...

CVSS 7.5 · AI score 9.6 · EPSS 0.00935
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2022/08/30 4:25 a.m. · 60 views

CVE-2022-38116

The CVE-2022-38116 entry concerns Le-yan Personnel and Salary Management System with hard-coded database credentials in the website source code, as documented across multiple sources (NVD/NVD-derived listings and CWE-style summaries). The root cause is embedded static credentials within the appli...

CVSS 9.8 · AI score 9.8 · EPSS 0.00935
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/08/30 4:25 a.m. · 11 views

CVE-2022-38116 Le-yan Co., Ltd. Personnel and Salary Management System - Hard-coded password

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...

CVSS 9.8 · AI score 9.9 · EPSS 0.00935
Exploits: 0 · References: 1

ATTACKERKB
added 2022/08/30 4:04 a.m. · 1 view

CVE-2022-38116

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...

CVSS 9.8 · AI score 7.5 · EPSS 0.00935
Exploits: 0 · References: 2

CNVD
added 2022/08/30 12:00 a.m. · 1 view

TOTOLINK A720R Hardcoded Vulnerability

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a hard-coded vulnerability that stems from the inclusion of root's hard-coded password in...

CVSS 7.8 · AI score 7.8 · EPSS 0.00056
Exploits: 1 · References: 1

CNVD
added 2022/08/30 12:00 a.m. · 4 views

TOTOLINK A950RG Hardcoding Vulnerability

TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK that supports high-speed network connectivity and multi-device management. The TOTOLINK A950RG suffers from a hard-coded vulnerability that originates from the inclusion of root's hard-coded passwor...

CVSS 7.8 · AI score 7.7 · EPSS 0.00056
Exploits: 1 · References: 1

CNVD
added 2022/08/30 12:00 a.m. · 0 views

TOTOLINK N600R Hardcoded Vulnerability

TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz dual-band concurrency with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a hard-coded vulnerability that originates from the inclusion of a...

CVSS 7.8 · AI score 7.1 · EPSS 0.00056
Exploits: 1 · References: 1

ICS
added 2022/08/30 12:00 a.m. · 35 views

Honeywell ControlEdge

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Honeywell
Equipment: ControlEdge
Vulnerability: Missing Authentication for Critical Function

CISA is aware of a public report known as “OT:ICEFALL” that details vulnerabilities found in multiple...

CVSS 9.8 · AI score 10 · EPSS 0.03393
Exploits: 0 · References: 5

NVD
added 2022/08/29 11:15 p.m. · 9 views

CVE-2022-36558

Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcode via the file /etc/ciel.cfg...

CVSS 9.8 · EPSS 0.00456
Exploits: 0 · References: 2

NVD
added 2022/08/29 11:15 p.m. · 10 views

CVE-2022-36560

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh...

CVSS 9.8 · EPSS 0.00456
Exploits: 0 · References: 2

OSV
added 2022/08/29 11:15 p.m. · 3 views

CVE-2022-36558

Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcode via the file /etc/ciel.cfg...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 2

ATTACKERKB
added 2022/08/29 11:15 p.m. · 3 views

CVE-2022-36558

Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcode via the file /etc/ciel.cfg...

CVSS 9.8 · AI score 7.3 · EPSS 0.00456
Exploits: 0 · References: 3

Cvelist
added 2022/08/29 10:46 p.m. · 11 views

CVE-2022-36560

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh...

AI score 9.8 · EPSS 0.00456
Exploits: 0 · References: 2