CVE-2024-8449 PLANET Technology switch devices - Local users' passwords recovery through hard-coded credentials

Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password...

CVE-2024-8448 PLANET Technology switch devices - Remote privilege escalation using hard-coded credentials

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell...

CVE-2024-8448 PLANET Technology switch devices - Remote privilege escalation using hard-coded credentials

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell...

CVE-2024-8448

PLANET Technology switch models are affected by CVE-2024-8448 due to a hard-coded credential in the CLI, enabling remote attackers with regular privileges to login and obtain a Linux root shell. The vulnerability affects certain PLANET switches (specific models not publicly detailed in the source...

Infinera hiT 7300 安全漏洞

The Infinera hiT 7300 is a software-defined networking SDN-ready coherent packet-optical transport system from Infinera USA. A security vulnerability exists in the Infinera hiT 7300 version 5.60.50 that stems from a hidden SSH service with hard-coded credentials that allows an attacker to access...

PLANET switch devices 信任管理问题漏洞

PLANET switch devices are a family of switch devices from PLANET Corporation in China. A trust management issue vulnerability exists in PLANET switch devices that stems from hard-coded credentials in the password recovery feature, allowing an unauthenticated attacker to connect to the device via...

PLANET switch devices 信任管理问题漏洞

PLANET switch devices are a family of switch devices from PLANET Corporation in China. A trust management issue vulnerability exists in PLANET switch devices, which arises from hard-coded credentials in a particular command line interface, allowing a remote attacker with regular privileges to log...

Infinera hiT 7300 安全漏洞

The Infinera hiT 7300 is a software-defined networking SDN-ready coherent packet optical transport system from Infinera USA. A security vulnerability exists in the Infinera hiT 7300 version 5.60.50, which stems from sensitive passwords stored in plaintext in firmware update packages allowing an...

CVE-2024-23958

CVE-2024-23958 affects Autel MaxiCharger AC Elite Business C50 with a BLE vulnerability in the BLE AppAuthenRequest handler that uses hardcoded credentials as a fallback. This allows network-adjacent attackers to bypass authentication on affected charging stations. The NVD entry lists a high base...

Autel Energy MaxiCharger AC Elite Business C50 安全漏洞

Autel Energy MaxiCharger AC Elite Business C50 is a car charger from Autel Energy USA. A security vulnerability exists in the Autel Energy MaxiCharger AC Elite Business C50 that stems from an issue with the inclusion of a use of hard-coded credentials in BLE...

CVE-2024-46328

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root...

ABB Cylon Aspect 3.07.01 (config.inc.php) Hard-coded Credentials in phpMyAdmin

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller is operating with default and hard-coded...

Vonets VAP11G-300 安全漏洞

Vonets VAP11G-300 is a multi-functional wireless bridge and repeater device from China Houtian Vonets. It is based on the IEEE 802.11n standard and has a wireless rate of up to 300Mbps. A security vulnerability exists in the Vonets VAP11G-300 version 3.3.23.6.9, which originates from hard-coded...

ABB Cylon Aspect 3.07.01 Hard-Coded Credentials

ABB Cylon Aspect 3.07.01 config.inc.php Hard-coded Credentials in phpMyAdmin Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.01 Summary: ASPECT is an award-winning scalable building energy...

Unspecified vulnerability in DIR-X4860 of AUO Electronic Equipment (Shanghai) Co., Ltd (CNVD-2024-39256)

The DIR-X4860 is a wireless router from China's AUO D-Link. A security vulnerability exists in the DIR-X4860 of AUO Electronic Devices Shanghai Co. An unauthorized remote attacker could exploit the vulnerability and be able to log in and execute operating system commands using hard-coded...

CVE-2024-45861 Use of Hard-coded Credentials in Kastle Systems Access Control System

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information...

CVE-2024-45861 Use of Hard-coded Credentials in Kastle Systems Access Control System

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information...

Kastle Systems Access Control System

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Kastle Systems Equipment : Access Control System Vulnerabilities : Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of...

Kastle Access Control System 信任管理问题漏洞

The Kastle Access Control System is an access control system from Kastle Corporation in the United States. A trust management issue vulnerability exists in Kastle Access Control System versions prior to 20240501, which stems from the presence of hard-coded credentials, access to which could allow...

CVE-2024-45697

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials...