8149 matches found
CVE-2022-36560
CVE-2022-36560 affects Seiko SkyBridge MB-A200 family (versions v01.00.04 and earlier) and is due to multiple hard-coded root passcodes stored in the device. Attackers can retrieve the credentials from /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh, enabling privileged access. Remediati...
CVE-2022-36558
Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcode via the file /etc/ciel.cfg...
CVE-2022-36558
CVE-2022-36558 affects Seiko SkyBridge MB-A100/110 (firmware 4.2.0 and earlier). The root account uses a hard-coded passcode that can be read from /etc/ciel.cfg, enabling unauthorized admin access. Impact: admin/root-level control of the device. Mitigation per connected docs: update firmware to S...
Multiple vulnerabilities in CentreCOM AR260S V2
Overview CentreCOM AR260S V2 provided by Allied Telesis K.K. contains multiple vulnerabilities listed below. OS command injection vulnerability in GUI setting page CWE-78 - CVE-2022-35273 Use of hard-coded credentials for the telnet server CWE-798 - CVE-2022-38394 Undocumented hidden command that...
Allied Telesis CentreCOM AR260S Trust Management Issue Vulnerability
The Allied Telesis CentreCOM AR260S is a basic VPN access router from Allied Telesis Japan. A security vulnerability exists in the Allied Telesis CentreCOM AR260S V2 version, which stems from the use of hard-coded credentials by the telnet service...
Seiko Solutions SkyBridge MB-A100/A110 Trust Management Issue Vulnerability
The Seiko Solutions SkyBridge MB-A100/A110 is an LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in the Seiko Solutions SkyBridge MB-A100/A110 v4.2.0 and earlier, which originates from a hard-coded password implemented for the root account and can be exploit...
PT-2022-23467 · Seiko · Seiko Skybridge Mb-A100/A110
Name of the Vulnerable Software and Affected Versions: Seiko SkyBridge MB-A100/A110 versions 4.2.0 and below Description: The issue concerns a hard-coded passcode for the root account, which can be accessed by attackers through the file /etc/ciel.cfg. Recommendations: For versions 4.2.0 and below...
PT-2022-4624 · Centrecom · Centrecom Ar260S V2
Name of the Vulnerable Software and Affected Versions: CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 Description: The issue is related to the use of hard-coded credentials for the telnet server, allowing a remote unauthenticated attacker to execute an arbitrary OS command. This could...
JVN#45473612: Multiple vulnerabilities in CentreCOM AR260S V2
CentreCOM AR260S V2 provided by Allied Telesis K.K. contains multiple vulnerabilities listed below. OS command injection vulnerability in GUI setting page CWE-78 - CVE-2022-35273 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
PT-2022-23469 · Seiko · Seiko Skybridge Mb-A200
Name of the Vulnerable Software and Affected Versions: Seiko SkyBridge MB-A200 versions 01.00.04 and below Description: The issue concerns multiple hard-coded passcodes for root access. Attackers can obtain these passcodes from /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh...
TOTOLINK N600R Trust Management Issue Vulnerability
TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz dual-band concurrency with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a hard-coded vulnerability that originates from the inclusion of a...
TOTOLINK A720R Trust Management Issue Vulnerability
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a hard-coded vulnerability that stems from the inclusion of root's hard-coded password in...
TOTOLINK A950RG Trust Management Issue Vulnerability
TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK that supports high-speed network connectivity and multi-device management. The TOTOLINK A950RG suffers from a hard-coded vulnerability that originates from the inclusion of root's hard-coded passwor...
PT-2022-4412 · Delta Industrial Automation · Dialink
Name of the Vulnerable Software and Affected Versions: Delta Industrial Automation DIALink versions 1.4.0.0 and prior Description: The issue is related to the use of a hard-coded cryptographic key, which could allow an attacker to decrypt sensitive data and compromise the machine. This could...
(Pwn2Own) Softing Secure Integration Server Use of Default Credentials Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of user accounts. The configuration contains...
Delta Electronics Industrial Automation DIALink Trust Management Issue Vulnerability
Delta Electronics Industrial Automation DIALink is an industrial automation IoT device from Delta Electronics Taiwan, China. The Delta Electronics Industrial Automation DIALink suffers from a security vulnerability that stems from the susceptibility of the affected product to the use of hard-code...
Siklu MultiHaul TG Series Security Vulnerability
The Siklu MultiHaul TG Series is a series of wireless transmission devices from Siklu designed to provide a reliable high-speed data transmission solution, especially for fixed wireless access and connectivity needs in dense urban environments. A security vulnerability exists in the Siklu MultiHa...
GHSA-MJ5W-W588-J6XG Use of Hard-coded Credentials in AgileConfig.Client
Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...
MapGIS IGServer Trust Management Issue Vulnerability
MapGIS IGServer is a cross-platform high-performance GIS server product of China MapGIS. It provides users with powerful spatial data management, analysis, visualization and sharing services, and lets users develop and extend WebGIS applications in various industries. A security...
Use of Hard-coded Credentials
Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...