CVE-2017-9132

A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded...

CVE-2017-9132

CVE-2017-9132 describes a hard-coded credentials flaw affecting Mimosa Client Radios, Mimosa Backhaul Radios, and Mimosa Access Points released before 2.2.3. The devices run Mosquitto to exchange data; exploitation enables an attacker to connect to the broker using embedded credentials and view m...

CVE-2017-9132

A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded...

CVE-2014-9931

A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value...

The WannaCry Ransomware Hackers Made Some Real Amateur Mistakes

Researchers say the worst ransomware epidemic ever is also poorly run, shoddily coded, and barely profitable. The post The WannaCry Ransomware Hackers Made Some Real Amateur Mistakes appeared first on WIRED...

Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability (CNVD-2017-08798)

Cisco Unified Contact Center Enterprise UCCE is a set of IP-based contact center components from Cisco. It provides intelligent contact routing, call processing, network-to-desktop computer telephony integration CTI, and multi-channel contact management capabilities over an IP infrastructure. A...

CVE-2017-6626

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise UCCE 11.51 and 11.61 could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account tha...

CVE-2017-6626

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise UCCE 11.51 and 11.61 could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account tha...

CVE-2017-6626

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise UCCE 11.51 and 11.61 could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account tha...

Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise UCCE could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an...

Man-in-the-Middle (MitM)

github.com/heroku/force is vulnerable to man-in-the-middle attack. The attack is possible because it uses hard-coded root certificates and InsecureSkipVerify function of force.go...

Hyundai Motor America Blue Link Sensitive Information Disclosure Vulnerability

Hyundai Motor America Blue Link is a remote wireless remote control device for use in automobiles. A sensitive information disclosure vulnerability exists in Hyundai Motor America Blue Link versions 3.9.5 and 3.9.4, which stems from the program's use of hard-coded passwords. An attacker could...

CVE-2017-6054

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...

TP-Link TL-SG108E Encryption Issue Vulnerability

The TP-Link TL-SG108E is a Gigabit Ethernet switch. A security vulnerability exists in the TP-Link TL-SG108E version 1.0 using firmware version 1.1.2 Build 20141017 Rel.50749, which stems from the program's use of hard-coded encryption keys. An attacker could exploit the vulnerability to obtain...

CVE-2017-8077

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key a long string beginning with Ei2HNryt. This affects the 1.1.2 Build 20141017 Rel.50749 firmware...

CVE-2017-8077

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key a long string beginning with Ei2HNryt. This affects the 1.1.2 Build 20141017 Rel.50749 firmware...

CVE-2017-8077

The CVE-2017-8077 issue affects the TP-Link TL-SG108E (firmware 1.1.2 Build 20141017 Rel.50749, 1.0). A hard-coded ciphering key (starts with Ei2HNryt) in the firmware is cited as the root cause. Red Hat and CNVD entries corroborate a vulnerability due to hard-coded encryption keys, with document...

Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability

Summary An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged root account with hard-coded credentials, giving attackers full control of affected devices...

Schneider Electric SoMachine Basic and Schneider Electric Modicon TM221CE16R Security Bypass Vulnerability

Schneider Electric SoMachine Basic and Schneider Electric Modicon TM221CE16R are both products of Schneider Electric France. The former is a programming and debugging interface for all components on the control platform; the latter is a programmable controller. A security vulnerability exists in...

Multiple Marel Products Security Bypass Vulnerabilities

The Marel SensorX25 X-ray Machine and other products from Marel Iceland are used in the medical industry to provide a wide range of medical tests. A security bypass vulnerability exists in a number of Marel products and stems from the program's use of hard-coded certificates. A remote attacker...