20 matches found
CVE-2025-1960
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interfa...
CVE-2025-2442
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could potentially lead to unauthorized access which could result in the loss of confidentially, integrity and availability when a malicious user, having physical access, sets the radio to the factory default...
CVE-2025-2441
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data...
CVE-2025-2441
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data...
CVE-2025-2442
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could potentially lead to unauthorized access which could result in the loss of confidentially, integrity and availability when a malicious user, having physical access, sets the radio to the factory default...
CVE-2025-2442
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could potentially lead to unauthorized access which could result in the loss of confidentially, integrity and availability when a malicious user, having physical access, sets the radio to the factory default...
CVE-2025-2442
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could potentially lead to unauthorized access which could result in the loss of confidentially, integrity and availability when a malicious user, having physical access, sets the radio to the factory default...
CVE-2025-2442
CVE-2025-2442 concerns Schneider Electric Trio Q Licensed Data Radio. The vulnerability stems from Initialization of a Resource with an Insecure Default , enabling a malicious user with physical access to set the radio to factory default mode and trigger unauthorized access, potentially compromis...
CVE-2025-2441
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data...
CVE-2025-2441
CVE-2025-2441 affects Schneider Electric Trio Q Licensed Data Radio. Root cause: insecure initialization of resources when set to factory default, potentially exposing confidential data. Impact: confidentiality loss with physical access; CVSS v3.1/4.0 base scores MEDIUM. Exploitation status not d...
CVE-2025-2441
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data...
CVE-2025-1960
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interfa...
CVE-2025-1960
CVE-2025-1960 affects Schneider Electric WebHMI (EcoStruxure Power Automation System User Interface) used in EMO-L/EPAS deployments. The root cause is CWE-1188: Initialization of a Resource with an Insecure Default, where insecure default values during resource initialization could allow an attac...
CVE-2025-1960
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interfa...
CVE-2024-51758 Exported files stored in default (`public`) filesystem if not reconfigured in filament
Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the defaultfilesystemdisk config option. This allows the user to easily swap their storage driver to something production-ready like s3 when deploying their...
Filament has exported files stored in default (`public`) filesystem if not reconfigured
Summary All Filament features that interact with storage use the defaultfilesystemdisk config option. This allows the user to easily swap their storage driver to something production-ready like s3 when deploying their app, without having to touch multiple configuration options and potentially...
GHSA-4HXW-GC2Q-F6F3 Filament has exported files stored in default (`public`) filesystem if not reconfigured
Summary All Filament features that interact with storage use the defaultfilesystemdisk config option. This allows the user to easily swap their storage driver to something production-ready like s3 when deploying their app, without having to touch multiple configuration options and potentially...
JVN#78728294: Firmware update for RICOH JavaTM Platform resets the TLS configuration
JavaTM Platform provided by Ricoh Company, Ltd. is the execution environment for firmware extensions of Ricoh MFPs and printers, providing TLS Transport Layer Security communication mechanism. When the firmware for JavaTM Platform is updated from Ver.12.89 or earlier versions to a newer version,...
JVN#77203800: OET-213H-BTS1 missing authorization check in the initial configuration
OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co.,Ltd and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is insecure CWE-1188, it does not perform an authorization check when processing...
ETIC Telecom RAS Authentication
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: ETIC Telecom Equipment: Remote Access Server RAS Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...