Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability
Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enable...
Atlassian Confluence < 7.4.17 / 7.13.x < 7.13.6 / < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.2 (CONFSERVER-79483)
The version of Atlassian Confluence installed on the remote host is prior to 7.4.17 / 7.13.x < 7.13.6 / 7.14.x < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.2. It is potentially affected by a hard-coded credential vulnerability if the 'Questions for Confluence' app is installed. The Atlassia...
CVE-2022-2107
CVE-2022-2107: MiCODUS MV720 GPS tracker API server uses a hard-coded master password, enabling unauthenticated login and direct SMS-command control of trackers (impersonating owners, accessing/modifying data, and potentially steering vehicles). Device IDs are sequential, aiding targeting. Public...
CVE-2022-2107 ICSA-22-200-01 MiCODUS MV720 GPS tracker Use of Hard-coded Credentials
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number...
Goldshell ASIC Miners Trust Management Issue Vulnerability
Goldshell ASIC Miners is a mining host from Goldshell China. A security vulnerability exists in Goldshell ASIC Miners version v2.1.x, which stems from hard-coded credentials that allow an attacker to connect remotely via SSH (port 22)...
Atlassian Confluence Server Trust Management Issue Vulnerability
Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise wikis. A security vulnerability exists in Atlassian Confluence Server and Data Center that stems from the...
WAVLINK WN530HG4 Trust Management Issue Vulnerability
The WAVLINK WN530HG4 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in WAVLINK WN530HG4 M30HG4.V5030.191116 version, which originates from a hard-coded encryption/decryption key contained in the configuration file of xportAllSettings.sh. No details of the...
PT-2022-14860 · Micodus · Micodus Mv720
Name of the Vulnerable Software and Affected Versions: MiCODUS MV720 GPS tracker (affected versions not specified). Description: The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS...
CVE-2022-29060
A use of hard-coded cryptographic key vulnerability CWE-321 in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device...
MiCODUS MV720 GPS Trust Management Issue Vulnerability
The MiCODUS MV720 GPS is a GPS tracker from MiCODUS USA. The MiCODUS MV720 GPS tracker suffers from a trust management issue vulnerability that stems from the API server having an authentication mechanism that allows the device to use a hard-coded master password. This could allow an attacker to...
MiCODUS MV720 GPS tracker
1. EXECUTIVE SUMMARY: CVSS v3 9.8; ATTENTION: Exploitable remotely/low attack complexity; Vendor: MiCODUS; Equipment: MV720 GPS tracker; Vulnerabilities: Use of Hard-coded Credentials, Improper Authentication, Cross-site Scripting, Authorization Bypass Through User-controlled Key. 2. UPDATE OR REPOSTED...
CVE-2022-30622
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credential information within...
Default credentials
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credential information within...
CVE-2022-30622 Chcnav - P5E GNSS Information disclosure
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credential information within...
CVE-2022-30622
CVE-2022-30622 relates to Chcnav P5E GNSS and involves disclosure of usernames and passwords without permissions via the API path http://api/sys_username_passwd.cmd and hard-coded credentials in Login.js (Username: chcadmin, Password: chcpassword). This could enable local system access and super-...
TOTOLINK A720R has a hard-coded vulnerability
The TOTOLINK A720R is a wireless router. A hard-coded vulnerability exists in TOTOLINK A720R, which can be exploited by attackers to obtain sensitive information...
CVE-2022-32389
Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates...