Hard-coded passwords for multiple Lenovo products Fingerprint Manager Pro

Lenovo ThinkPad L560 and others are computer products of the Chinese company Lenovo Lenovo.Fingerprint Manager Pro is one of the fingerprint recognition sensor drivers. A security vulnerability exists in Fingerprint Manager Pro 8.01.86 and earlier versions of several Lenovo products, which stems...

MASTER IPCAMERA01 Hardcoded Vulnerability

MASTER IPCAMERA01 is an IP network camera product. A hard-coded vulnerability exists in MASTER IPCAMERA01 version 3.3.4.2103, which originates from the use of a hard-coded password for the root account. An attacker can exploit this vulnerability to gain root privileges...

AssetView and AssetView PLATINUM contain multiple vulnerabilities

Overview AssetView and AssetView PLATINUM provided by Hammock Corporation contain 2 vulnerabilities listed below. Use of Hard-coded Cryptographic Key CWE-321 - CVE-2017-10866 Improper Input Validation CWE-20 - CVE-2017-10867 Muneaki Nishimura of of Recruit Technologies Co.,Ltd. RED TEAM reported...

TRENDnet TEW-823DRU Device Elevation of Privilege Vulnerability

The TRENDnet TEW-823DRU devices is a dual-band wireless router device from TRENDnet. A security vulnerability exists in TRENDnet TEW-823DRU devices using firmware versions prior to 1.00b36, where a hard-coded password is used for the root account. A remote attacker can exploit the vulnerability t...

Western Digital My Cloud NAS Device Hardcoded Backdoor Vulnerability

The Western Digital MyCloud NAS is a network attached storage device. A hard-coded backdoor vulnerability exists in the Western Digital My Cloud NAS device, where an administrator username and password cannot be changed because they are hard-coded into a binary file, allowing an arbitrary user to...

D-Link DNS-320L 'mydlinkBRionyg' Backdoor

Released Date: 2018-01-03 Last Modified: 2017-06-14 Company Info: D-Link Version Info: Vulnerable D-Link DNS-320L ShareCenter = 1.06 Table of contents 00 - Introduction 00.1 Background 01 - Hard coded backdoor 01.1 - Vulnerable code analysis 01.2 - Remote exploitation 02 - Credit 03 - Proof of...

D-Link DNS-320L ShareCenter Backdoor Account / Remote Root

/ / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development D-Link DNS-320L ShareCenter Backdoor Released Date: 2018-01-03 Last Modified: 2017-06-14 Company Info: D-Link Version Info: Vulnerable D-Link DNS-320L ShareCenter =...

D-Link DNS-320 ShareCenter 1.06 - Backdoor Access

D-Link DNS-320 ShareCenter 1.06 - Backdoor Access DNS-320L ShareCenter Backdoor Vendor: D-Link Product: DNS-320L ShareCenter Version: = 1.06 -- Table of contents 00 - Introduction 00.1 Background 01 - Hard coded backdoor 01.1 - Vulnerable code analysis 01.2 -...

WDMyCloud < 2.30.165 - Multiple Vulnerabilities

WDMyCloud Multiple Vulnerabilities Vendor: Western Digital Product: WDMyCloud Version: = 2.30.165 Website: https://www.wdc.com/products/network-attached-storage.html / / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development...

D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access

DNS-320L ShareCenter Backdoor Vendor: D-Link Product: DNS-320L ShareCenter Version: = 1.06 -- Table of contents 00 - Introduction 00.1 Background 01 - Hard coded backdoor 01.1 - Vulnerable code analysis 01.2 - Remote exp...

Zivif PR115-204-P-RS Information Disclosure Vulnerability

The Zivif PR115-204-P-RS is a webcam device. An information disclosure vulnerability exists in the Zivif PR115-204-P-RS version 2.3.4.2103, which stems from the program using a hard-coded cat1029 password for the root user. An attacker can exploit this vulnerability to gain access to the device...

HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions Vulnerability

HP Insight Control for VMware vCenter Server version 7.3 allows a low privileged attacker to read sensitive information files, decrypt all configuration server passwords, and gain access to the systems which in turn leads to the compromise of the whole infrastructure. / Exploit Title: HP Insight...

InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

CVE-2014-8389

cgi-bin/mft/wirelessmft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-code...

CVE-2014-8389

cgi-bin/mft/wirelessmft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-code...

HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions

/ Exploit Title: HP Insight Control for VMware vCenter Server Multiple Vulnerabilities Date: 11/05/2014 Author: Glafkos Charalambous Version: 7.3 Vendor: HP Vendor URL: http://www.hpe.com HP Case: SSRT101619 Product Description: HP Insight Control for VMware vCenter Server Insight Control for...

Ichano AtHome IP Cameras Multiple Vulnerabilities

Exploit for hardware platform in category remote exploits Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and table...

CVE-2014-8389

CVE-2014-8389 affects AirLive IP cameras (MD-3025, BU-3026, BU-2015, WL-2000CAM, POE-200CAM). The vulnerability is an OS command injection in the CGI binaries: cgi_test.cgi on the MD-3025/BU-3026/BU-2015 (injection via certain parameters such as write_tan, etc.), and wireless_mft.cgi on WL-2000CA...

Ichano AtHome IP Cameras Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into a professional video monitoring system in a minute....

CVE-2017-17107

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...