8089 matches found

Talos Blog
added 2019/04/25 11:6 a.m., 53 views

Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450

Carl Hurd and Jared Rittle of Cisco Talos discovered these vulnerabilities. Executive summary: Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws...

CVSS 9.3 | AI score 0.7 | EPSS 0.67661
Exploits 34

Talos
added 2019/04/25 12:0 a.m., 52 views

Sierra Wireless AirLink ES450 SNMPD hard-coded credentials vulnerability

Summary: A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can...

CVSS 9.3 | AI score 8.1 | EPSS 0.00233
Exploits 3

OSV
added 2019/04/24 9:29 p.m., 1 view

CVE-2018-18251

Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls...

CVSS 9.8 | AI score 6.6 | EPSS 0.00794
Exploits 0 | References 1

Prion
added 2019/04/24 9:29 p.m., 20 views

Design/Logic Flaw

Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls...

CVSS 7.5 | AI score 10 | EPSS 0.00794
Exploits 0 | References 1 | Affected Software 1

OSV
added 2019/04/23 9:29 p.m., 1 view

CVE-2019-10688

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector BToE application 3.9.1, use hard-coded credentials to establish connections between the host application and the device...

CVSS 6.8 | AI score 6.7 | EPSS 0.00054
Exploits 0 | References 1

NVD
added 2019/04/23 9:29 p.m., 10 views

CVE-2019-10688

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector BToE application 3.9.1, use hard-coded credentials to establish connections between the host application and the device...

CVSS 6.8 | AI score 6.7 | EPSS 0.00054
Exploits 0 | References 1

CVE
added 2019/04/23 8:58 p.m., 48 views

CVE-2019-10688

Summary: CVE-2019-10688 affects VVX (Polycom) devices running UCS 5.9.2 or earlier with Better Together over Ethernet Connector (BToE) 3.9.1. A hard-coded credential vulnerability enables connections between the host application and the device, enabling potential unauthorized access. The CVSS met...

CVSS 6.8 | AI score 6.6 | EPSS 0.00054
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2019/04/23 8:58 p.m., 11 views

CVE-2019-10688

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector BToE application 3.9.1, use hard-coded credentials to establish connections between the host application and the device...

AI score 6.7 | EPSS 0.00054
Exploits 0 | References 1

CNVD
added 2019/04/18 12:0 a.m., 2 views

WAGO 750-88x Series and WAGO 750-87x Series Trust Management Issue Vulnerability

The WAGO 750-88x Series and WAGO 750-87x Series are both products of WAGO, Germany. The WAGO 750-88x Series is a 750-88x series programmable logic controller. The WAGO 750-87x Series is a 750-87x series programmable logic controller. A trust management issue vulnerability exists in the WAGO Series...

CVSS 9.8 | AI score 7 | EPSS 0.01427
Exploits 0 | References 1

ICS
added 2019/04/16 12:0 a.m., 88 views

WAGO Series 750-88x and 750-87x

1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: WAGO. Equipment: Series 750-88x and 750-87x. Vulnerability: Use of Hard-coded Credentials. 2. RISK EVALUATION: This vulnerability allows a remote attacker to change the settings or alter the...

CVSS 9.8 | AI score 10 | EPSS 0.01427
Exploits 0 | References 5

CNVD
added 2019/04/16 12:0 a.m., 0 views

Avast Anti-Virus Trust Management Vulnerability

Avast Anti-Virus is a tool for cleaning Avast antivirus programs. A trust management vulnerability exists in Avast Anti-Virus versions prior to 19.1.2360 that stems from the lack of an effective trust management mechanism in a networked system or product. An attacker can exploit default passwords...

CVSS 7.8 | AI score 6.8 | EPSS 0.00034
Exploits 5 | References 1

CNVD
added 2019/04/15 12:0 a.m., 0 views

F5 BIG-IP Trust Management Issues Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP is vulnerable to a trust management issue. An attacker can exploit this vulnerability to attack affected components...

CVSS 9.8 | AI score 6.9 | EPSS 0.0047
Exploits 0 | References 1

CNVD
added 2019/04/12 12:0 a.m., 2 views

Ubiquiti Networks EdgeSwitch X Access Control Error Vulnerability

The Ubiquiti Networks EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks, Inc. A trust management issue vulnerability exists in Ubiquiti Networks EdgeSwitch X v1.1.0 and prior versions. The vulnerability stems from the lack of an effective trust management mechanism in the netwo...

CVSS 5.8 | AI score 6.8 | EPSS 0.0042
Exploits 0 | References 1

NVD
added 2019/04/11 7:29 p.m., 10 views

CVE-2019-9975

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key...

CVSS 7.5 | AI score 7.8 | EPSS 0.00331
Exploits 3 | References 3

OSV
added 2019/04/11 7:29 p.m., 1 view

CVE-2019-9975

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key...

CVSS 7.5 | AI score 7.1 | EPSS 0.00331
Exploits 3 | References 3

ICS
added 2019/04/09 12:0 a.m., 59 views

Siemens SIMATIC Panels and WinCC (TIA Portal)

1. EXECUTIVE SUMMARY: CVSS v3 6.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SIMATIC WinCC Runtime Advanced, WinCC Runtime Professional, WinCC TIA Portal; HMI Panels. Vulnerabilities: Use of Hard-coded Credentials, Insufficient Protection of Credentials,...

CVSS 9.1 | AI score 7.6 | EPSS 0.01124
Exploits 0 | References 11

CERT
added 2019/04/08 12:0 a.m., 34 views

MyCar Controls uses hard-coded credentials

Overview: The MyCar Controls mobile applications prior to v3.4.24 on iOS and prior to v4.1.2 on Android contain hard-coded admin credentials. Description: MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar adds smartphone-controlled geolocation, remote start/stop...

CVSS 10 | AI score 8 | EPSS 0.09171
Exploits 0 | References 4

NVD
added 2019/04/05 7:29 p.m., 4 views

CVE-2019-10479

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface...

CVSS 10 | AI score 9.7 | EPSS 0.02954
Exploits 1 | References 1

OSV
added 2019/04/05 7:29 p.m., 2 views

CVE-2019-10479

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1

CVE
added 2019/04/05 6:25 p.m., 38 views

CVE-2019-10479

The CVE-2019-10479 entry concerns Glory RBW-100 devices running ISP-K05-02 7.0.0 firmware, where a hard-coded username and password allow a remote attacker to gain admin access to the Front Circle Controller web interface. The vulnerability enables full administrative privileges (impact: high/cri...

CVSS 10 | AI score 9.6 | EPSS 0.02954
Exploits 1 | References 1 | Affected Software 1