36 matches found
CVE-2026-24789
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...
CVE-2026-24789
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...
CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...
EUVD-2001-1416
Malware in sbrugna...
EUVD-2022-38947
Malicious code in bioql PyPI...
CVE-2025-43720
Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password requires to escape out of the MDM controlled device's profile...
PT-2024-26998 · Swissphone · Swissphone Dical-Red 4009
Name of the Vulnerable Software and Affected Versions: Swissphone DiCal-RED 4009 affected versions not specified Description: The issue allows a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password...
CVE-2023-43776
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card .PRG file ending...
Default credentials
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card .PRG file ending...
CVE-2023-43776 Weak encoding vulnerability in easyE4
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card .PRG file ending...
PT-2023-28977 · Eaton · Eaton Easye4 Plc
Name of the Vulnerable Software and Affected Versions: Eaton easyE4 PLC affected versions not specified Description: The Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. However, it was observed that the device...
CVE-2022-36228
Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app...
PT-2023-13460 · Nokelock · Nokelock Smart Padlock O1 +1
Name of the Vulnerable Software and Affected Versions: Nokelock Smart padlock O1 version 5.3.0 Description: The issue allows an attacker to send a request and add any device, as well as set the device password in the Nokelock app, due to insecure permissions. Recommendations: For version 5.3.0,...
CVE-2023-27836
TP-Link TL-WPA8630P US V2 Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub 40A80C...
CVE-2023-27836
TP-Link TL-WPA8630P US V2 Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub 40A80C...
CVE-2023-27836
TP-Link TL-WPA8630P US V2 Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub 40A80C...
PT-2023-3392 · Tp Link · Tp-Link Tl-Wpa8630P
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WPA8630P US V2 Version 171011 Description: The issue is related to a command injection vulnerability via the devicePwd parameter in the sub 40A80C function. This vulnerability may allow a remote attacker to execute arbitrary...
TP-LINK TL-WPA8630P 命令注入漏洞
The TP-LINK TL-WPA8630P is a WIFI extender from China P&L TP-LINK. A security vulnerability exists in the TP-LINK TL-WPA8630P USV2171011 version, which stems from a command injection vulnerability in the parameter devicePwd...
CVE-2022-44020
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...
CVE-2022-37861
There is a remote code execution RCE vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component...