8046 matches found
PT-2017-9770 · Foscam · Foscam C1
Name of the Vulnerable Software and Affected Versions: Foscam C1 version 1.9.1.12 Description: The issue concerns hard-coded FTP credentials, specifically r:r, included in the firmware. This could allow remote access to cameras connected to the internet without port 50021 blocked by an intermedia...
finecmsV5.0.8 \finecms\dayrui\controllers\Api.php getshell
Vulnerability in the C:\phpStudy\WWW\finecms\dayrui\controllers\Api. in php data2 function, approximately in the line 115, the problematic code about 178 rows public function data2 $data = array; // Route authentication if defined'SYSREFERER' && strlenSYSREFERER $http = $SERVER'HTTPREFERER' ?...
Cisco Elastic Services Controller Default Administrator Credentials Vulnerability
Cisco Elastic Services Controller is a cloud and systems management solution. Cisco Elastic Services Controller has a security vulnerability in the ConfD CLI implementation that stems from the presence of a default, weak, hard-coded password for the admin user on the affected system. A remote...
Schneider Electric U.motion Builder Embedded Session ID Authentication Bypass Vulnerability
U.motion Builder is a builder product from Schneider Electric France. A session ID authentication bypass vulnerability exists in Schneider Electric U.motion Builder Embedded. The application has a hard-coded static session ID. By embedding the session ID in an HTTP cookie, an attacker can bypass t...
Schneider Electric U.motion Builder Hardcoded Remote Code Execution Vulnerability
U.motion Builder is a builder product from Schneider Electric France. A hard-coded remote code execution vulnerability exists in Schneider Electric U.motion Builder. The web service comes with a hidden system account that contains hard-coded passwords. An attacker could exploit the vulnerability ...
(0Day) Schneider Electric U.motion Builder Hard-Coded Password Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. The specific flaw exists within the configuration of the product. The web service comes with a hidden system account with a hard-coded password. An attacker can...
Foscam camera FTP server account hard-coded password vulnerability
Foscam camera is a webcam that pushes messages to your phone and also stores video directly to Baidu cloud storage over Wi-Fi. The Foscam camera FTP server account has a hard-coded password vulnerability due to the built-in FTP user password being hard-coded and empty. An attacker can exploit the...
Hard-coded Passwords Make Hacking Foscam ‘IP Cameras’ Much Easier
Security researchers have discovered over a dozen vulnerabilities in tens of thousands of web-connected cameras that cannot be protected just by changing their default credentials. Vulnerabilities found in two models of IP cameras from China-based manufacturer Foscam allow attackers to take...
Cisco Elastic Services Controller Insecure Default Credentials Vulnerability
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user. The vulnerability is due to the existence of a default, weak, hard-coded password for the Linux admin user of an affected system. A successf...
Cisco Ultra Services Framework Element Manager Insecure Default Credentials Vulnerability
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device. The vulnerability is due to weak, hard-coded credentials of the admin and oper user...
CVE-2017-6039
A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device...
CVE-2017-6039
CVE-2017-6039 affects Phoenix Broadband PowerAgent SC3 BMS (PowerAgent SC3 Site Controller). The root cause is a hard-coded password in all versions prior to v6.87, enabling unauthorized access to the device. The vulnerability is described as remote, with CVSSv3 base score 5.3 (AV:N/AC:L/PR:N/UI:...
Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Phoenix Broadband Technologies LLC Equipment: PowerAgent SC3 Site Controller Vulnerability: Use of Hard-Coded Password AFFECTED PRODUCTS Phoenix Broadband Technologies LLC reports that the following versions of...
Multiple Vulnerabilities in CERIO DT-100G-N/DT-300N/CW-300N
CERIO DT-100G-N/DT-300N/CW-300N are wireless router products from CERIO. The CERIO DT-100G-N/DT-300N/CW-300N is vulnerable to hard-coded and default credentials, information disclosure, command injection, and backdoor vulnerabilities. It is allowed to escape a restricted shell to the root shell v...
CERIO 11nbg 2.4Ghz High Power Wireless Router (pekcmd) Rootshell Backdoors
Summary CERIO's DT-300N A4 eXtreme Power 11n 2.4Ghz 2x2 High Power Wireless Access Point with built-in 10dBi patch antennas and also supports broadband wireless routing. DT-300N A4's wireless High Power design enhances the range and stability of the device's wireless signal in office and home...
CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities
CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities CERIO 11nbg 2.4Ghz High Power Wireless Router (pekcmd) Rootshell Backdoors Vendor: CERIO Corporation Product web page: http://www.cerio.com.tw Affected version: DT-100G-N fw: Cen-WR-G2H5 v1.0.6 DT-300N fw: Cen-CPE-N2H10A v1.0.14 DT-300N fw:...
Hardcoded credentials
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded...
CVE-2017-9132
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded...