LevelOne WBR-6012 hard-coded password vulnerability

Talos Vulnerability Report TALOS-2024-1979 LevelOne WBR-6012 hard-coded password vulnerability October 30, 2024 CVE Number CVE-2024-28875,CVE-2024-31151 SUMMARY A security flaw involving hard-coded credentials in LevelOne WBR-6012’s web services allows attackers to gain unauthorized access during...

CVE-2024-45656 IBM Flexible Service Processor hard coded credentials

IBM Flexible Service Processor FSP FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP...

CVE-2024-45656 IBM Flexible Service Processor hard coded credentials

IBM Flexible Service Processor FSP FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP...

CVE-2024-5764

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database SMTP or HTTP proxy credentials, user tokens, tokens, among others. The affected versions relied on ...

CVE-2024-5764 Nexus Repository 3 - Static hard-coded encryption passphrase used by default

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database SMTP or HTTP proxy credentials, user tokens, tokens, among others. The affected versions relied on ...

CVE-2024-5764

CVE-2024-5764 affects Nexus Repository 3.x (3.0.0–3.72.0). It arises from a static hard-coded encryption passphrase used by the PasswordCipher to encrypt secrets in the Nexus configuration database (SMTP/HTTP proxy credentials, tokens, etc.). An administrator could set an alternate passphrase at ...

Sonatype Nexus Repository 安全漏洞

Sonatype Nexus Repository is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.72.0 that stems from the use of hard-coded credentials...

CVE-2024-4740

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data...

CVE-2024-4740

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data...

CVE-2024-4740

CVE-2024-4740 concerns MXsecurity software, affected in versions v1.1.0 and prior. The root cause cited is the use of hard-coded credentials, enabling an attacker to tamper with sensitive data. Public details explicitly cover impact as data tampering; no exploit status or in‑the‑wild details are ...

CVE-2024-4740 MXsecurity Use of Hard-coded Credentials

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data...

CVE-2024-4740 MXsecurity Use of Hard-coded Credentials

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data...

MXsecurity 信任管理问题漏洞

MOXA MXsecurity is a management platform from China's Mosa MOXA Inc. that provides centralized visibility and security management to easily monitor and identify network threats and prevent security misconfigurations to create a robust threat defense. A trust management issue vulnerability exists ...

The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.

The vulnerability of the Kubernetes Image Builder software relates to the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine via SSH connection and elevate their privileges to root level...

The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.

The vulnerability of the Kubernetes Image Builder software relates to the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine via SSH connection and elevate their privileges to root level...

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk WHD software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 CVSS score: 9.1, the...

Qnap QES Use of Hard-coded Credentials (CVE-2020-2499)

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later. This plugin only works with Tenable.ot...

The vulnerability of the Telnet service of D-Link’s wireless routers, such as DIR-X4860, DIR-X5460A1, and COVR-X1870, allows a hacker to execute arbitrary commands in the basic operating system.

The vulnerability of D-Link DIR-X4860, DIR-X5460A1, and COVR-X1870 wireless routers lies in the presence of undocumented configuration commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating system using hard-coded credentials...

Helmholz REX100 信任管理问题漏洞

Helmholz REX100 is a wireless router from Helmholz. A trust management issue vulnerability exists in Helmholz REX100 versions prior to 2.3.1, which stems from the inclusion of two hard-coded user accounts and hard-coded passwords, allowing an unauthenticated, remote attacker to take full control ...

CVE-2024-8448

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell...