
8143 matches found

ICS
added 2022/01/11 12:0 a.m., 37 views

Siemens SICAM A8000

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a privileged user...

CVSS 8.8, AI score 8.5, EPSS 0.0063
Exploits 2, References 11
CNNVD
added 2022/01/11 12:0 a.m., 3 views

TIBCO Software FTL Trust Management Issue Vulnerability

Tibco Ftl is an application-to-application messaging system from Tibco USA, Inc. Designed for low latency and high performance, TIBCO FTL suffers from a trust management issue vulnerability that stems from hard-coded secrets used in the default domain server, which can be exploited by attackers t...

CVSS 9.3, AI score 5.6, EPSS 0.00224
Exploits 0, References 4
OSV
added 2022/01/08 12:43 a.m., 24 views

GHSA-9FJ5-JG6F-QG5R Use of Hard-coded Credentials in Apache Kylin

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

CVSS 7.5, AI score 7.5, EPSS 0.00631
Exploits 0, References 7
Github Security Blog
added 2022/01/08 12:43 a.m., 41 views

Use of Hard-coded Credentials in Apache Kylin

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

CVSS 7.5, AI score 2.8, EPSS 0.00631
Exploits 0, References 7, Affected Software 1
CNNVD
added 2022/01/04 12:0 a.m., 3 views

ControlUp Real-Time Agent Trust Management Issue Vulnerability

ControlUp Real-Time Agent is a real-time agent from Controlup, Inc. A security vulnerability exists in ControlUp Real-Time Agent that stems from a hard-coded key in ControlUp Real-Time Agent versions prior to 8.2.5 that allows potential attackers to exploit the vulnerability to run operating syst...

CVSS 9, AI score 7.1, EPSS 0.00309
Exploits 0, References 2
CNVD
added 2022/01/04 12:0 a.m., 13 views

D-Link DIR-2640 trust management issue vulnerability

D-Link DIR-2640 is a high-powered Wi-Fi router from D-Link, a Taiwan-based company. D-Link DIR-2640 Quagga 1.11B02 and previous versions are vulnerable to a trust management issue, which stems from the use of default hard-coded credentials for the service, and can be exploited by remote attackers...

CVSS 8.8, AI score 5.9, EPSS 0.0047
Exploits 1, References 1
CNVD
added 2022/01/03 12:0 a.m., 18 views

Trendnet AC2600 TEW-827DRU Trust Management Issue Vulnerability

The Trendnet AC2600 TEW-827DRU is a wireless router that has a security vulnerability that could be exploited by attackers to back up and restore device configurations through the management web interface. The devices are encrypted using the hard-coded password "12345678"...

CVSS 9.8, AI score 4.3, EPSS 0.00732
Exploits 1, References 1
CNVD
added 2022/01/03 12:0 a.m., 14 views

Netgear RAX43 has an unspecified vulnerability (CNVD-2022-02648)

Netgear RAX43 is a wireless router from Netgear USA. A security vulnerability exists in Netgear RAX43, which stems from the use of hard-coded credentials. Because the configuration backup is encrypted, it appears that an ordinary user is not intended to be able to manipulate the configuration...

CVSS 8.8, AI score 2, EPSS 0.00159
Exploits 0, References 1
OSV
added 2021/12/30 10:15 p.m., 1 view

CVE-2021-20132

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router i.e., as the "admin" user, UID 0...

CVSS 8.8, AI score 5.8
Exploits 0, References 1
CVE
added 2021/12/30 9:30 p.m., 56 views

CVE-2021-20132

CVE-2021-20132 affects D-Link DIR-2640 with Quagga services (zebra and ripd) running on versions up to 1.11B02. The root cause is default hard-coded credentials, allowing a remote attacker to gain administrative access (root privileges, UID 0) to these services. Several connected records (e.g., R...

CVSS 8.8, AI score 8.8, EPSS 0.0047
Exploits 1, References 1, Affected Software 1
CNNVD
added 2021/12/30 12:0 a.m., 2 views

Netgear RAX43 Trust Management Issue Vulnerability

Netgear RAX43 is a wireless router from Netgear USA. A security vulnerability exists in Netgear RAX43, which stems from the use of hard-coded credentials. Because the configuration backup is encrypted, it appears that an ordinary user is not intended to be able to manipulate the configuration...

CVSS 8.8, AI score 5.5, EPSS 0.00159
Exploits 0, References 3
CNNVD
added 2021/12/30 12:0 a.m., 1 view

Trendnet AC2600 Trust Management Issue Vulnerability

The Trendnet AC2600 TEW-827DRU is a wireless router that has a security vulnerability that could be exploited by attackers to back up and restore device configurations through the management web interface. The devices are encrypted using the hard-coded password "12345678"...

CVSS 9.8, AI score 5.5, EPSS 0.00732
Exploits 1, References 2
CNNVD
added 2021/12/30 12:0 a.m., 1 view

D-Link DIR-2640 Trust Management Issue Vulnerability

D-Link DIR-2640 is a high-powered Wi-Fi router from D-Link, a Taiwan-based company. D-Link DIR-2640 Quagga 1.11B02 and previous versions are vulnerable to a trust management issue, which stems from the use of default hard-coded credentials for the service, and can be exploited by remote attackers...

CVSS 8.8, AI score 5.7, EPSS 0.0047
Exploits 1, References 2
NVD
added 2021/12/27 7:15 p.m., 10 views

CVE-2021-35232

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...

CVSS 6.8, EPSS 0.00232
Exploits 0, References 2
OSV
added 2021/12/27 7:15 p.m., 3 views

CVE-2021-35232

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...

CVSS 6.1, AI score 6.6, EPSS 0.00232
Exploits 0, References 2
OSV
added 2021/12/27 7:15 p.m., 3 views

CVE-2021-43552

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX PIC iX Versions B.02, C.02, and C.03...

CVSS 5.5, AI score 5.8, EPSS 0.00068
Exploits 0, References 1
OSV
added 2021/12/27 7:15 p.m., 0 views

CVE-2021-32993

IntelliBridge EC 40 and 60 Hub C.00.04 and prior contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

CVSS 8.8, AI score 5.8, EPSS 0.00032
Exploits 0, References 1
NVD
added 2021/12/27 7:15 p.m., 10 views

CVE-2021-32993

IntelliBridge EC 40 and 60 Hub C.00.04 and prior contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

CVSS 8.8, EPSS 0.00032
Exploits 0, References 1
Prion
added 2021/12/27 7:15 p.m., 10 views

Hardcoded credentials

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...

CVSS 3.6, AI score 6.6, EPSS 0.00232
Exploits 0, References 2, Affected Software 1
Prion
added 2021/12/27 7:15 p.m., 15 views

Hardcoded credentials

IntelliBridge EC 40 and 60 Hub C.00.04 and prior contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

CVSS 5.8, AI score 8.8, EPSS 0.00032
Exploits 0, References 1, Affected Software 2