TCL LinkHub Mesh Wi-Fi 信任管理问题漏洞

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. The TCL LinkHub Mesh Wi-Fi prodchangerootpasswd feature is hard-coded vulnerable. An attacker can exploit this vulnerability to obtain the root password...

CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-26138, concerns the use of hard-coded...

Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation

A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a...

Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group...

CVE-2022-30314

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...

CVE-2022-30314

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...

Hardcoded credentials

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...

CVE-2022-30314

CVE-2022-30314 affects Honeywell Experion PKS Safety Manager 5.02. The vulnerability arises from hard-coded credentials used to access the POLO bootloader, which is exposed via the DCOM-232/485 serial interface used for firmware management. An attacker with physical or gateway-access to the seria...

CVE-2022-30314

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...

CVE-2021-22644 Ovarro TBox Use of Hard-coded Cryptographic Key

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...

CVE-2021-22644 Ovarro TBox Use of Hard-coded Cryptographic Key

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...

"Hulu" App for Android uses a hard-coded API key for an external service

Overview "Hulu" App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service CWE-798. Ryo Sato of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact T...

CVE-2022-36952

In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

CVE-2022-36952

In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

CVE-2022-36952

In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

CVE-2022-36952

CVE-2022-36952 affects Veritas NetBackup OpsCenter due to a hard-coded credential that can be used to exploit the VxSS subsystem. Affected versions are 8.x–8.3.0.2, 9.x–9.0.0.1, 9.1.x–9.1.0.1, and 10. The issue is documented across multiple sources (NVD/NIST, Red Hat advisory, and third-party CVE...

CVE-2022-36952

In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

IBM Security Verify Information Queue Trust Management Issue Vulnerability

IBM Security Verify Information Queue is an integration product from IBM of America, Inc. IBM Security Verify Information Queue version 10.0.2 is vulnerable to a trust management issue stemming from its use of hard-coded credentials used for inbound authentication, outbound communication to...

JVN#40907489: "Hulu / フールー" App for Android uses a hard-coded API key for an external service

"Hulu / フールー" App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved via reverse-engineering the application binary. Note that the application users are not directly affected by this vulnerability...

HJ Holdings Hulu 信任管理问题漏洞

HJ Holdings Hulu is an anime player from the Japanese company HJ Holdings. HJ Holdings Hulu is vulnerable to a trust management issue vulnerability that arises from the use of hard-coded API keys in the sequence to external services. A remote attacker could exploit the vulnerability to access...