8092 matches found
Enphase Energy Envoy Trust Management Issues Vulnerabilities
The Enphase Energy Envoy is a gateway device for connecting smart home devices from Enphase Energy USA. The Enphase Energy Envoy has a trust management issue vulnerability that stems from the installer and Enphase accounts having hard-coded web panel login passwords, which are hard-coded values...
CVE-2021-31477
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain...
CVE-2021-31477
CVE-2021-31477 affects GE Reason RPV311 14A03. The vulnerability arises from hard-coded default credentials stored in the device firmware/filesystem, enabling remote attackers to execute arbitrary code with the download user context without authentication. Several sources (ZDI advisory ZDI-21-616...
Logic flaw vulnerability in hera task scheduling system
hera task scheduler is a distributed task scheduler based on zeus rewrite. The hera Task Scheduler suffers from a logic flaw that can be exploited by an attacker to forge arbitrary login credentials via a built-in hard-coded key...
Enphase Envoy Trust Management Issue Vulnerability
The Enphase Energy Envoy is a gateway device for connecting smart home devices from Enphase Energy USA. The Enphase Energy Envoy has a trust management issue vulnerability that stems from the installer and Enphase accounts having hard-coded web panel login passwords, which are hard-coded values...
Arlo Q Plus SSH Use of Hard-coded Credentials Privilege Escalation Vulnerability
This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where...
Unspecified Vulnerability in ZOLL Defibrillator Dashboard
ZOLL Defibrillator Dashboard is an asset management tool from ZOLL USA. Provides at-a-glance readiness checks for the entire defibrillator fleet, even for defibrillators on multiple campuses and locations. A security vulnerability exists in all versions of ZOLL Defibrillator Dashboard prior to 2....
Bugs Lurking in Cisco UC Provisioning Platform
The Akkadian Provisioning Manager, which is used as a third-party provisioning tool within Cisco Unified Communications environments, has three high-severity security vulnerabilities that can be chained together to enable remote code execution (RCE) with elevated privileges, researchers said. They...
ZOLL Defibrillator Dashboard
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: ZOLL Equipment: Defibrillator Dashboard Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Use of Hard-coded Cryptographic Key, Cleartext Storage of Sensitive Information, Cross-site...
CVE-2020-15382
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time...
CVE-2020-15382
CVE-2020-15382 affects Brocade SANnav before version 2.1.1, where a hard-coded administrator account with the weak password 'passw0rd' is created if no PostgreSQL password is provided at install time. The remediation is to upgrade to SANnav 2.1.1 or apply the vendor patch per BSA-2021-1484.
Hardcoding vulnerability in IEXplorer
The official version of iExplorer is an iTunes fast synchronization management tool for Apple users. IEXplorer has a hard-coded vulnerability that can be exploited by attackers to obtain sensitive information...
Access Control Error Vulnerability in Multiple Bosch Products
Bosch B426 and others are a firmware from Bosch Germany. An access control error vulnerability exists in multiple Bosch products that stems from the use of hard-coded session tokens in the lgs.cgi module. The vulnerability allows remote attackers to bypass the authentication of the affected Bosch...
Bosch B426 Web Configuration Use of Hard-coded Password Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Bosch B426. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lgs.cgi module. This issue results from the use of a hard-coded session token. An attacker c...
FortiAuthenticator - Hard-coded cryptographic keys used to encrypt sensitive data
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...
Fortinet FortiAuthenticator WEB UI Trust Management Issue Vulnerability
The Fortinet FortiAuthenticator WEB UI is the web interface for a centralized user identity management solution from Fortinet, Inc. A security vulnerability exists in FortiAuthenticator that arises from the use of hard-coded keys to encrypt configuration files, debug logs, and password data. The...
FortiWLC - Hardcoded root password
A use of hard-coded password vulnerability in FortiWLC may allow a local, authenticated attacker to connect to the managed Access Point Meru AP and FortiAP-U as root using the default hard-coded username and password...
CVE-2020-1716
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...