23 matches found
CVE-2026-1329
A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be...
EUVD-2025-22105
Malicious code in bioql PyPI...
CVE-2025-57433
The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint /cwi/ajaxrequest/getdata.php, an authenticated attacker even with a low-privileged account like guest can retrieve the hashed passwords for the...
CVE-2025-46123
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint /admin/_conf.jsp writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied...
CVE-2025-46123
CVE-2025-46123 affects CommScope Ruckus Unleashed (versions before 200.15.6.212.14 and 200.17.7.0.139) and Ruckus ZoneDirector (before 10.5.1.0.279). The issue arises from an authenticated configuration endpoint (/admin/_conf.jsp) that writes the Wi‑Fi guest password to memory using snprintf with...
CVE-2021-28151
Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest...
CVE-2020-29669
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password...
Macally WIFISD2-2A82 Media and Travel Router Authorization Issues Vulnerability
The Macally WIFISD2-2A82 Media and Travel Router is a convenient multi-function router from Macally USA. Macally WIFISD2-2A82 Media and Travel Router 2.000.010 suffers from an authorization issue vulnerability that stems from a guest user being able to reset their own password. This process has a...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to...
CVE-2014-2225
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to...
CVE-2019-10183
The virt-install(1) utility, used to provision new virtual machines, has introduced an option '--unattended' to create VMs without user interaction. This option accepts the guest VM password as a command-line argument, thus leaking it to other users on the system via process listing. It was introduced...
A vulnerability in the firmware of the Lens Peek-a-View wireless video camera lies in the presence of preset accounts, which allow an intruder to gain access to the device.
The firmware of the Lens Peek-a-View wireless video camera has vulnerabilities. There are pre-installed user accounts named “admin” with the password “2601hx” for access via UART, and user accounts named “user” and “guest” with passwords “user” and “guest” respectively for access...
CVE-2017-8218
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password...
CentreCOM AR260S V2 vulnerable to privilege escalation
Overview: CentreCOM AR260S V2 provided by Allied Telesis K.K. is a wired LAN router. CentreCOM AR260S V2 contains a privilege escalation vulnerability. Ziv Chang of Trend Micro Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...
barracudeHardcode.txt
Title: Barracuda Hardcoded Password Vulnerability; Severity: High Sensitive Information Disclosure; Date: 01 August 2006; Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053; Discovered by: Greg Sinclair; Discovered on: 28 May 2006; Overview: Barracuda Sp...
Barracuda Spam Firewall <= 3.3.03.053 Remote Code Execution
Exploit for hardware platform in category remote exploits. Barracuda Spam Firewall <= 3.3.03.053 Remote Code Execution. Title: Barracuda Arbitrary File Disclosure + Command Executi...