3 matches found
CVE-2015-8362
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a 1 SSH or 2 HTTP session, a different vulnerability than CVE-2016-1984...
Hardcoded credentials
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a 1 SSH or 2 HTTP session, a different vulnerability than CVE-2015-8362...
CVE-2015-8362
CVE-2015-8362 affects Harman AMX devices (various NetLinx controllers, Massio MCP-10x, Enova DGX/DVX lines, NI/NX series, ME260/64, etc.) where the setUpSubtleUserAccount function in /bin/bw uses a hard-coded BlackWidow diagnostic account password. This creates remote-access risk via SSH or HTTP ...