8143 matches found

CVE
added 2022/04/07 6:22 p.m. | 78 views

CVE-2022-26671

CVE-2022-26671 affects Taiwan Secom Dr.ID Access Control system’s login page, where a hard-coded credential in the source code allows an unauthenticated remote attacker to obtain partial system information and modify system settings, causing partial service disruption. The available connected doc...

CVSS 7.5 | AI score 7 | EPSS 0.00648
Exploits: 0 | References: 1 | Affected Software: 2

CNNVD
added 2022/04/07 12:0 a.m. | 2 views

Taiwan Secom Dr.ID Access control trust management issue vulnerability

Taiwan Secom Dr.ID Access control is an access control system from Taiwan Secom Corporation in Taiwan, China. A security vulnerability exists in the Taiwan Secom Dr.ID Access control system due to a hard-coded credential in the source code of the login page. An unauthenticated remote attacker cou...

CVSS 7.5 | AI score 7.5 | EPSS 0.00648
Exploits: 0 | References: 2

ICS
added 2022/04/07 12:0 a.m. | 124 views

Pepperl+Fuchs WirelessHART-Gateway

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Pepperl+Fuchs Equipment: WirelessHART-Gateway Vulnerabilities: Use of Hard-coded Credentials, Uncontrolled Resource Consumption, Reliance on Reverse DNS Resolution for a Security-critical Action, Path...

CVSS 9.8 | AI score 8.6 | EPSS 0.3466
Exploits: 20 | References: 5

BDU FSTEC
added 2022/04/07 12:0 a.m. | 0 views

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, allows a perpetrator to increase their privileges.

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, stems from the use of rigidly encoded user credentials. Exploiting this vulnerability could all...

CVSS 7.1 | EPSS 0.00408
Exploits: 0 | References: 2

OSV
added 2022/04/06 10:15 a.m. | 1 views

CVE-2022-23440

A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...

CVSS 7.8 | AI score 7.1 | EPSS 0.00044
Exploits: 0 | References: 1

NVD
added 2022/04/06 10:15 a.m. | 13 views

CVE-2022-23440

A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...

CVSS 7.8 | EPSS 0.00044
Exploits: 0 | References: 1

ATTACKERKB
added 2022/04/06 10:15 a.m. | 2 views

CVE-2022-23440

A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...

CVSS 7.8 | AI score 7.1 | EPSS 0.00044
Exploits: 0 | References: 2

Cvelist
added 2022/04/06 9:30 a.m. | 12 views

CVE-2022-23440

A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...

CVSS 7.8 | AI score 7.6 | EPSS 0.00044
Exploits: 0 | References: 1

Vulnrichment
added 2022/04/06 9:30 a.m. | 8 views

CVE-2022-23440

A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...

CVSS 7.8 | AI score 6.5 | EPSS 0.00044
Exploits: 0 | References: 1

OSV
added 2022/04/06 9:15 a.m. | 2 views

CVE-2022-23441

A use of hard-coded cryptographic key vulnerability CWE-321 in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors...

CVSS 9.1 | AI score 7.3 | EPSS 0.00723
Exploits: 0 | References: 1

ATTACKERKB
added 2022/04/06 9:15 a.m. | 3 views

CVE-2022-23441

A use of hard-coded cryptographic key vulnerability CWE-321 in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors...

CVSS 9.1 | AI score 7.3 | EPSS 0.00723
Exploits: 0 | References: 2

CNNVD
added 2022/04/06 12:0 a.m. | 2 views

Fortinet FortiEDR trust management issue vulnerability

Fortinet FortiEDR is a scratch-built endpoint security solution from Fortinet U.S.A. Fortinet FortiEDR is vulnerable to a trust management issue that stems from the use of hard-coded encrypted RSA keys, which can be exploited by local attackers to disable and offload collectors from endpoints in...

CVSS 7.8 | AI score 5.5 | EPSS 0.00044
Exploits: 0 | References: 3

Malwarebytes
added 2022/04/05 8:56 a.m. | 32 views

GitLab issues security updates; watch out for hard coded passwords

GitLab has issued several critical security updates, with users of the version control software urged to upgrade their installations as soon as possible. One of the fixes is for a hard coded password issue. What is distributed version control? Distributed version control is a way for an...

CVSS 7.5 | AI score 9.7 | EPSS 0.87606
Exploits: 3

Tenable Nessus
added 2022/04/04 12:0 a.m. | 54 views

Yokogawa CENTUM and Exaopc Use of Hard-Coded Credentials (CVE-2022-21194)

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. This plugin only works with...

CVSS 9.8 | AI score 8.3 | EPSS 0.00408
Exploits: 0 | References: 3

CNNVD
added 2022/04/03 12:0 a.m. | 1 views

Schneider Electric ConneXium Tofino Firewall and Schneider Electric Belden Tofino Xenon Security Appliance trust management issue vulnerability

Schneider Electric ConneXium Tofino Firewall and Schneider Electric Belden Tofino Xenon Security Appliance are both products of Schneider Electric, a French company. The Schneider Electric ConneXium Tofino Firewall is a firewall appliance and the Schneider Electric Belden Tofino Xenon Security...

CVSS 9.8 | AI score 8.3 | EPSS 0.00057
Exploits: 0 | References: 4

CNNVD
added 2022/04/01 12:0 a.m. | 2 views

GitLab Community Edition and GitLab Enterprise Edition trust management issue vulnerability

GitLab Enterprise Edition is a content management system, and GitLab Community Edition is a community edition of GitLab from GitLab, Inc. A trust management issue vulnerability exists in GitLab Community Edition CE and Enterprise Edition EE due to the presence of hard-coded credentials in...

CVSS 9.8 | AI score 8.7 | EPSS 0.87606
Exploits: 3 | References: 9

ATTACKERKB
added 2022/03/31 2:30 a.m. | 1 views

CVE-2022-26671

Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service...

CVSS 7.5 | AI score 7.1 | EPSS 0.00648
Exploits: 0 | References: 2

OSV
added 2022/03/30 11:15 p.m. | 3 views

CVE-2021-46008

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on...

CVSS 8.8 | AI score 7.3 | EPSS 0.00168
Exploits: 1 | References: 3

ATTACKERKB
added 2022/03/30 11:15 p.m. | 2 views

CVE-2021-46008

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on...

CVSS 8.8 | EPSS 0.00168
Exploits: 1 | References: 4

Cvelist
added 2022/03/30 10:20 p.m. | 15 views

CVE-2021-46008

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on...

AI score 9 | EPSS 0.00168
Exploits: 1 | References: 3