8091 matches found
Hardcoded credentials
An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...
CVE-2019-5139
An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...
CVE-2019-5139
CVE-2019-5139 affects Moxa AWK-3131A (firmware 1.13). A hard-coded credential (moxaiwroot) is used in multiple iw_* utilities, enabling creation of custom diagnostic scripts via the device’s diagnostic path. Root cause: undocumented encryption/password usage within iw_* components. Impact: local ...
CVE-2019-5137
The Moxa AWK-3131A Series (firmware 1.13) ServiceAgent uses a hard-coded cryptographic key, enabling decryption of network traffic to/from the device. CVE-2019-5137 (CVSSv3 7.5) details the root cause and impact (confidentiality HIGH). A vendor patch is available; apply the security update from M...
Moxa EDS-G516E and EDS-510E Series Ethernet Switches
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Moxa. Equipment: EDS-G516E series, and EDS-510E series. Vulnerabilities: Stack-based Buffer Overflow, Use of a Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key, Use of...
Vulnerability Spotlight: Multiple vulnerabilities in Moxa AWK-3131A
Jared Rittle and Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Moxa AWK-3131A networking device contains several different vulnerabilities that an attacker could exploit to carry out malicious activities in an industrial environment. The AWK-3131A is a wirele...
Moxa AWK-3131A ServiceAgent Use of Hard-coded Cryptographic Key
Summary: The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. Tested Versions: Moxa AWK-3131A Firmware version 1.13. Product URLs...
Moxa AWK-3131A multiple iw_* utilities Use of Hard-coded Credentials Vulnerability
Summary: An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Tested Versions: Moxa...
Critical Cisco Bug Opens Software Licencing Manager to Remote Attack
A critical flaw in the High Availability (HA) service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn’t directly connected to the internet. Cisco Smart Software...
Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App)
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Auto-Maskin. Equipment: RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro Android App. Vulnerabilities: Cleartext Transmission of Sensitive Information, Origin Validation Error,...
CVE-2019-4392
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system...
Hardcoded credentials
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system...
Opencast Trust Management Issues Vulnerabilities
Opencast is a free and open source video management solution that is scalable, customizable and low cost. A trust management issue vulnerability exists in Opencast versions prior to 7.6 and prior to 8.1. The vulnerability stems from the lack of an effective trust management mechanism in a network...
CVE-2013-6236
IZON IP 2.0.2: hard-coded password vulnerability...
CVE-2013-6236
CVE-2013-6236 affects Stem Innovation IZON IP cameras (Firmware 2.0.2). The vulnerability arises from hard-coded credentials in the device’s Linux distribution and hidden web application, enabling unauthenticated access to the camera via Telnet/HTTP and exposing streams and configuration data. Po...
CVE-2019-4675
IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511...