CVE-2021-39614

D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values...

CVE-2021-39613

The CVE affects D-Link DVG-3104MS devices (firmware versions 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E) where hard-coded credentials for undocumented accounts exist in /etc/passwd. This leads to plaintext passwords recoverable from stored hashes, with impact described as confidentially/high integrity/...

CVE-2021-39613

D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products...

PT-2021-22677 · D Link · D-Link Dvg-3104Ms

Name of the Vulnerable Software and Affected Versions: D-Link DVG-3104MS versions 1.0.2.0.3 through 1.0.2.0.4E Description: The issue concerns hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. Weak passwords have been used, allowing plaintext passwords to be recover...

多款Altus Sistemas de Automacao设备信任管理问题漏洞

Altus Sistemas de Automacao Nexto NX30xx, among others, is an industrial automation device from Brazilian company Altus Sistemas de Automacao. A security vulnerability exists in several Altus Sistemas de Automacao devices, which stems from the presence of hard-coded .htaccess credentials for...

D-Link DSR-500N 信任管理问题漏洞

A security vulnerability exists in the D-Link DSR-500N, a wireless router from D-Link, Taiwan, China, which stems from the fact that version 1.02 of the D-Link DSR-500N contains hard-coded credentials for user accounts that are not documented in the "etc/passwd" file. The vulnerability is caused ...

PT-2021-4449 · D Link · Dsr-500N

Name of the Vulnerable Software and Affected Versions: D-Link DSR-500N version 1.02 D-Link DSR-500N versions prior to 2.12/2 Description: The issue is related to hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. If an attacker recovers the cleartext password of the...

D-Link DVX-2000MS 信任管理问题漏洞

A security vulnerability exists in the D-Link DVX-2000MS, a hardware for IP telephony systems from D-Link in Taiwan, China. file contains hard-coded credentials that do not record user accounts. An attacker could exploit this vulnerability to recover plaintext passwords from hash values...

CVE-2021-32588

A use of hard-coded credentials CWE-798 vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application...

Hardcoded credentials

A use of hard-coded credentials CWE-798 vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application...

CVE-2021-32588

A use of hard-coded credentials CWE-798 vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application...

CVE-2021-32588

A use of hard-coded credentials CWE-798 vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application...

Tecknodreams SapphireIMS OS Command Injection Vulnerability

Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise class service management system from Tecknodreams India. Tecknodreams SapphireIMS 5.0 suffers from an operating system command injection vulnerability that originates in SapphireIMS 5.0, where hardcoded credentials username: sapphire,...

Tecknodreams SapphireIMS 信任管理问题漏洞

Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise-class service management system from Tecknodreams India.A trust management issue vulnerability exists in SapphireIMS 5.0, which stems from the fact that in SapphireIMS 5.0, it is possible to use hard-coded credentials in the client...

Johnsoncontrols Metasys Use of Hard-coded Credentials

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal SMP. File data ot500384.nasl...

Johnsoncontrols Metasys Use of Hard-coded Credentials

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal SMP. File data ot500401.nasl...

Fortinet FortiPortal Trust Management Issue Vulnerability

Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs.Fortinet FortiPortal has a trust management issue vulnerability, which stems from the...

FortiPortal - Authentication bypass and remote code execution as root

A use of hard-coded credentials CWE-798 vulnerability in FortiPortal may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.Â...

Swisslog Healthcare Translogic PTS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Swisslog Healthcare Equipment: Translogic PTS Pneumatic Tube Systems Vulnerabilities: Use of Hard-coded Password, Execution with Unnecessary Privileges, Improper Authentication, Download of Code without...

D-Link DIR-3040 < 1.13B03 Hotfix Multiple Vulnerabilities - Active Check

D-Link DIR-3040 devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX = "cpe:/o:dlink"; if...