CVE-2018-16201

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands...

CVE-2018-16201

The CVE-2018-16201 issue affects Toshiba Home gateway models HEM-GW16A and HEM-GW26A (firmware 1.2.9 and earlier). It stems from hard-coded credentials, potentially allowing an attacker on the same network segment to log into the administrator settings screen and, from there, change configuration...

CVE-2018-16186

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached D5520, D6500, D6510, D7500, D8400, and the display versions with RICOH Interactive Whiteboard Controller Type2 V3....

SSH Known Hard Coded Private Keys

The remote host is running a service that is using a publicly known SSH private key. An attacker may use this key to decrypt intercepted traffic between users and the device. A remote attacker can also perform a man-in-the-middle attack in order to gain access to the system or modify data in...

SSL / TLS Certificate Known Hard Coded Private Keys

The remote host is running a service that is using a publicly known SSL / TLS private key. An attacker may use this key to decrypt intercepted traffic between users and the device. A remote attacker can also perform a man-in-the-middle attack in order to gain access to the system or modify data i...

Battelle V2I Hub Hardcoded Credentials Vulnerability

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A hard-coded credentials vulnerability exists in Battelle V2I Hub...

CVE-2018-1000625

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system...

CVE-2018-1000625

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system...

Guardzilla Home Cameras Open to Anyone Wanting to Watch Their Footage

Another day, another internet of things IoT issue: A design flaw in the Guardzilla home video surveillance system has been discovered that allows users to watch other homeowners’ Guardzilla videos. The Guardzilla All-In-One Video Security System is a home security platform that provides indoor...

CVE-2018-1000625

The CVE-2018-1000625 vulnerability affects Battelle V2I Hub 2.5.1 and is caused by hard-coded credentials for the administrative account, allowing an attacker to log in as an admin and gain unauthorized access to the system. The connected CNVD/NVD entries corroborate the description. No concrete ...

CVE-2018-1000625

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system...

EVLink Parking Privilege Vulnerability

Schneider Electric EVLink Parking is a commercial electric vehicle charging solution from Schneider Electric, France. A security vulnerability exists in Schneider Electric EVLink Parking 3.2.0-12v1 and prior versions, which stems from the program's use of hard-coded credentials. An attacker could...

Critical Bug Patched in Schneider Electric Vehicle Charging Station

Schneider Electric is warning about a critical vulnerability in its EVLink Parking devices – a line of electric vehicle charging stations. The energy management and automation giant said the vulnerability is tied to a hard-coded credential bug that exists within the device that could enable...

CVE-2018-7800

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12v1 and earlier, which could enable an attacker to gain access to the device...

CVE-2018-7800

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12v1 and earlier, which could enable an attacker to gain access to the device...

CVE-2018-7800

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12v1 and earlier, which could enable an attacker to gain access to the device...

CVE-2018-7800

EVLink Parking (Schneider Electric) versions 3.2.0-12_v1 and earlier are affected by CVE-2018-7800 due to hard-coded credentials, enabling potential unauthenticated access to the device. The root cause is hard-coded credentials; impact includes gaining access to the device and full control of the...

CVE-2018-15720

Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API...

CVE-2018-15720

Affected product: Logitech Harmony Hub. Vulnerability: hard-coded XMPP accounts in the hub’s XMPP server allow remote, unauthenticated access to the local API. Root cause: exposed credentials baked into the firmware prior to 4.15.206. Impact: potential remote control of the hub APIs; effect on co...

CVE-2018-19233

COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file...