
3819 matches found

Positive Technologies
added 2024/04/17 12:0 a.m. · 7 views

PT-2024-4303 · Brocade · Brocade Sannav Ova

Name of the Vulnerable Software and Affected Versions: Brocade SANnav OVA versions prior to 2.3.1 Brocade SANnav OVA version 2.3.0a Description: The issue is related to the use of hard-coded credentials in the documentation of the Brocade SANnav appliance, which can be used as the root password...

9.8 CVSS · 7.8 AI score · 0.0065 EPSS
Exploits: 0 · References: 10
Positive Technologies
added 2024/04/17 12:0 a.m. · 4 views

PT-2024-19143 · Netapp · Ontap Select Deploy Administration Utility

Name of the Vulnerable Software and Affected Versions: ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x Description: The issue is related to hard-coded credentials in the affected software, which could allow an attacker to view configuration information and modi...

9.8 CVSS · 6.9 AI score · 0.00317 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2024/04/17 12:0 a.m. · 3 views

PT-2024-12857 · Peplink · Peplink Smart Reader

Name of the Vulnerable Software and Affected Versions: Peplink Smart Reader version 1.2.0 Description: A privilege escalation issue exists in the /bin/login functionality. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can...

9.8 CVSS · 7.8 AI score · 0.37678 EPSS
Exploits: 5 · References: 26
Talos
added 2024/04/17 12:0 a.m. · 52 views

Peplink Smart Reader /bin/login privilege escalation vulnerability

Talos Vulnerability Report TALOS-2023-1868 Peplink Smart Reader /bin/login privilege escalation vulnerability April 17, 2024 CVE Number CVE-2023-40146 SUMMARY A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted...

9.8 CVSS · 6.8 AI score · 0.37678 EPSS
Exploits: 2
Broadcom
added 2024/04/17 12:0 a.m. · 27 views

hard-coded credential in the documentation that appear as the root password (CVE-2024-29966).

Brocade SANnav OVA provides a Linux root account for use during the initial installation and management of the SANnav product. The default password for the root account is documented in the SANnav installation guide. This could allow an unauthenticated attacker full access to a Brocade SANnav OVA ...

7.5 CVSS · 7.9 AI score · 0.0065 EPSS
Exploits: 0 · Affected Software: 1
Krebs on Security
added 2024/04/15 2:51 p.m. · 26 views

Crickets from Chirp Systems in Smart Lock Key Leak

The U.S. government is warning that "smart locks" securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical...

7 AI score
Exploits: 0
CISA KEV Catalog
added 2024/04/11 12:0 a.m. · 32 views

D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution...

10 CVSS · 7.5 AI score · 0.98038 EPSS
In wild · Exploits: 2
IBM Security Bulletins
added 2024/04/10 4:22 p.m. · 25 views

Security Bulletin: Multiple Security Vulnerabilities were found in Open Source libraries used to deploy IBM Security Verify Access Appliances (CVE-2024-31871, CVE-2024-31872, CVE-2024-31873, CVE-2024-31874)

Summary An Open Source repository of python deployment scripts for ISVA Appliance is published on GitHub at https://github.com/IBM-Security/ibmsecurity. Vulnerabilities reported in the public repository have been addressed. Vulnerability Details CVEID:CVE-2024-31872 DESCRIPTION: IBM Security Veri...

8.1 CVSS · 6.8 AI score · 0.01197 EPSS
Exploits: 1 · Affected Software: 1
OSV
added 2024/04/10 4:15 p.m. · 3 views

CVE-2024-31873

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317...

7.5 CVSS · 5.8 AI score · 0.01197 EPSS
Exploits: 1 · References: 3
NVD
added 2024/04/10 4:15 p.m. · 24 views

CVE-2024-31873

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317...

7.5 CVSS · 7.5 AI score · 0.01197 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2024/04/10 3:58 p.m. · 29 views

CVE-2024-31873 IBM Security Verify Access Appliance information disclosure

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317...

7.5 CVSS · 6.7 AI score · 0.01197 EPSS
Exploits: 1 · References: 2
Cvelist
added 2024/04/10 3:58 p.m. · 26 views

CVE-2024-31873 IBM Security Verify Access Appliance information disclosure

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317...

7.5 CVSS · 7.5 AI score · 0.01197 EPSS
Exploits: 1 · References: 2
CVE
added 2024/04/10 3:58 p.m. · 62 views

CVE-2024-31873

CVE-2024-31873 affects IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7, where hard-coded credentials are used for inbound authentication. The issue stems from credentials embedded in the appliance, which a malicious actor could obtain, enabling potential unauthorized access to...

7.5 CVSS · 6.5 AI score · 0.01197 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2024/04/10 12:0 a.m. · 3 views

PT-2024-24261 · Ibm · Ibm Security Verify Access Appliance

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 Description: The issue concerns hard-coded credentials used by the appliance for its own inbound authentication, which could be obtained by a malicious actor. Recommendations...

7.5 CVSS · 9.4 AI score · 0.01197 EPSS
Exploits: 1 · References: 4
CNNVD
added 2024/04/10 12:0 a.m. · 2 views

IBM Security Verify Access trust management issue vulnerability

IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...

7.5 CVSS · 8.6 AI score · 0.01197 EPSS
Exploits: 1 · References: 5
Japan Vulnerability Notes
added 2024/04/05 5:53 a.m. · 4 views

Multiple vulnerabilities in NEC Aterm series

Overview Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 - CVE-2024-28006 Incorrect Permission...

9.8 CVSS · 8 AI score · 0.00743 EPSS
Exploits: 0 · References: 20
Japan Vulnerability Notes
added 2024/04/05 12:0 a.m. · 58 views

JVN#82074338: Multiple vulnerabilities in NEC Aterm series

Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0 CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control...

9.8 CVSS · 10 AI score · 0.00743 EPSS
Exploits: 0
OSV
added 2024/04/04 1:15 a.m. · 1 views

CVE-2024-3272

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The...

9.8 CVSS · 5.4 AI score · 0.98038 EPSS
Exploits: 2 · References: 5
Vulnrichment
added 2024/04/04 1:0 a.m. · 21 views

CVE-2024-3272 D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The...

10 CVSS · 9.6 AI score · 0.98038 EPSS
Exploits: 2 · References: 4
CVE
added 2024/04/04 1:0 a.m. · 250 views

CVE-2024-3272

Summary of CVE-2024-3272 (D-Link NAS devices) Affects D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L. The vulnerability concerns processing of the file /cgi-bin/nas_sharing.cgi in the HTTP GET Request Handler, where manipulation of the user argument via the input messagebus leads to a hard-code...

10 CVSS · 9.5 AI score · 0.98038 EPSS
In wild · Exploits: 2 · References: 5 · Affected Software: 1