93 matches found
CVE-2024-28990
SolarWinds Access Rights Manager ARM was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative ZDI for its ongoing partnership in coordinating...
Allegra 信任管理问题漏洞
Allegra is a project management software for mid-sized organizations from Allegra. A trust management issue vulnerability exists in Allegra that stems from the inclusion of a hard-coded credential that leads to an authentication bypass vulnerability...
Tenda G3 安全漏洞
Tenda G3 is a QosVpn router from Tenda China. The Tenda G3 suffers from a hard-coded credential vulnerability that can be exploited by an attacker to log in as root and obtain sensitive information...
CVE-2024-8449
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password...
CVE-2024-8449
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password...
CVE-2024-8448
Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell...
CVE-2024-8449
CVE-2024-8449 affects PLANET Technology switch models, where the password recovery function contains a hard-coded credential. An unauthenticated attacker with physical access can use the serial console to reset any user’s password. The CVE entry notes hard-coded credential as the root cause and h...
PT-2024-39019 · Planet Technology · Planet Technology Switch
Name of the Vulnerable Software and Affected Versions: PLANET Technology switches affected versions not specified Description: The issue concerns a hard-coded credential in the password recovering functionality of certain switch models from PLANET Technology. This allows an unauthenticated attack...
PT-2024-39018 · Planet Technology · Planet Technology Switch
Name of the Vulnerable Software and Affected Versions: PLANET Technology switch models affected versions not specified Description: The issue concerns a hard-coded credential in the command-line interface of certain switch models from PLANET Technology. This allows remote attackers with regular...
CVE-2024-45861
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information...
CVE-2024-45861
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information...
CVE-2024-45861
The CVE-2024-45861 vulnerability affects Kastle Systems Access Control System firmware prior to May 1, 2024. The issue is use of hard-coded credentials in the firmware (CVE-2024-45861) which, if accessed, could allow an attacker to obtain sensitive information. The CISA ICS advisory confirms remo...
PT-2024-31817 · Kastle Systems · Kastle Systems Firmware
Name of the Vulnerable Software and Affected Versions: Kastle Systems firmware prior to May 1, 2024 Description: The issue concerns a hard-coded credential in the firmware, which, if accessed, may allow an attacker to access sensitive information. Recommendations: For Kastle Systems firmware prio...
SolarWinds ARM 2024.3.1 Multiple Vulnerabilities (2024-3-1)
The version of SolarWinds ARM installed on the remote host is prior to 2024.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-3-1 advisory. - SolarWinds Access Rights Manager ARM was found to contain a hard-coded credential authentication bypass vulnerability. ...
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
SolarWinds has released fixes to address two security flaws in its Access Rights Manager ARM software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It...
CVE-2024-28990
SolarWinds Access Rights Manager ARM was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative ZDI for its ongoing partnership in coordinating...
CVE-2024-28990
SolarWinds Access Rights Manager ARM was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative ZDI for its ongoing partnership in coordinating...
CVE-2024-28990
SolarWinds ARM contains a hard-coded credential authentication bypass (CVE-2024-28990) that could allow access to the RabbitMQ management console. The vulnerability affects ARM versions prior to 2024.3.1, and remediation is available in ARM 2024.3.1 (as referenced by multiple sources). No exploit...
CVE-2024-4007 Hard coded default credential contained in install package
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured...
PT-2024-6218 · Solarwinds · Solarwinds Access Rights Manager
Name of the Vulnerable Software and Affected Versions: SolarWinds Access Rights Manager affected versions not specified Description: The issue is related to a hard-coded credential authentication bypass vulnerability in SolarWinds Access Rights Manager ARM. If exploited, this vulnerability would...