2 matches found
Hardcoded credentials
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a 1 SSH or 2 HTTP session, a different vulnerability than CVE-2016-1984...
CVE-2016-1984
The CVE-2016-1984 issue concerns Harman AMX devices where the setUpSubtleUserAccount function in /bin/bw uses a hard-coded 1MB@tMaN password (and related 1.4.x hard-coded 1MB@tMaN on certain builds), enabling remote access via SSH or HTTP. Affected firmware lines include 1.4.65 through 1.4.72, wi...