Authentication flaw

GE GEMNet License server EchoServer all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices...

Authentication flaw

GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices...

CVE-2017-14008

GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices...

CVE-2017-14004

GE GEMNet License server EchoServer all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices...

CVE-2017-14006

GE Xeleris 1.0/1.1/2.1/3.0/3.1 medical imaging workstations are affected by an authentication bypass due to default or hard-coded credentials. A remote attacker could exploit this to bypass authentication and gain access to the device. Public advisories/analyses across multiple sources corroborat...

CVE-2017-14004

The CVE-2017-14004 entry concerns GE GEMNet License Server (EchoServer). Affected versions allegedly use default or hard-coded credentials, enabling remote authentication bypass and unauthorized access to the device. Public docs confirm the vulnerability can be exploited remotely (no user interac...

UNAUTHENTICATED START OF TELNETD ON TENDA AC15 ROUTER

INTRODUCTION We previously showed how the Tenda AC15 router was vulnerable to an unauthenticated remote code execution vulnerability via a stack based buffer overflow. Writing exploits like that can be incredibly interesting, but sometimes, all you need is a GET request to get root. In this post ...

CVE-2018-5552

Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper"...

CVE-2018-5552

Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper"...

Hardcoded credentials

Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper"...

CVE-2018-5551 DocuTrac DTISQLInstaller.exe Hard-Coded Credentials

Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa...

CVE-2018-5552

CVE-2018-5552 affects DocuTrac QuicDoc and Office Therapy installers (DTISQLInstaller.exe, v1.6.4.0 and earlier). The root cause, per connected sources, is a hard-coded cryptographic salt named “S@l+&pepper” embedded in the installer. The documents do not specify the exact impact, attack vectors,...

CVE-2018-5552 DocuTrac DTISQLInstaller.exe Hard-Coded Salt

Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper"...

CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

CVE-2017-8013

CVE-2017-8013 affects EMC Data Protection Advisor 6.3.x (before patch 67) and 6.4.x (before patch 130). Root cause: undocumented accounts with hard-coded passwords (Apollo System Test, emc.dpa.agent.logon, emc.dpa.metrics.logon) enabling access via REST APIs and potentially administrative privile...

CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials

Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass Vendor: Prisma Industriale S.r.l. Product web page: https://www.prismaindustriale.com Affected version: 1.0 Rev 21, EPROM 202FWSAM ?? Summary: Web...

Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials

Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass Vendor: Prisma Industriale S.r.l. Product web page: https://www.prismaindustriale.com Affected version: 1.0 Rev 21, EPROM 202FWSAM ?? Summary: Web Administration of Machine. Desc: The vulnerability exists due to the disclosure o...

Unauthorized Access Vulnerability in vApp Manager for Multiple Dell Products

Dell EMC Unisphere for VMAX Virtual Appliance and so on are products of Dell Inc. in the United States. the Dell EMC Unisphere for VMAX Virtual Appliance vApp is a management tool for VMAX storage arrays. the EMC Solutions Enabler Virtual Appliance is a Solutions Enabler Virtual Appliance. vApp...