PT-2023-32038 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 2.0
Description: The issue concerns the use of hard-coded credentials in the GitHub repository microweber/microweber. A patch is available and is anticipated to be part of version 2.0.
Recommendations:...
CVE-2023-41030
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user...
CVE-2023-41030
CVE-2023-41030 affects the Juplink RX4-1500 Wi-Fi router. Vulnerable versions V1.0.2–V1.0.5 permit unauthenticated login to the web interface or Telnet as the 'user' user due to hard-coded credentials. Connected sources corroborate the affected versions and login as 'user'; explicit exploitation details are ...
CVE-2023-41030 Juplink RX4-1500 Hard-coded Credential Vulnerability
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user...
Juplink RX4-1500 Trust Management Issue Vulnerability
The Juplink RX4-1500 is a wireless router from Juplink. A security vulnerability exists in the Juplink RX4-1500 versions V1.0.2 through V1.0.5; it stems from the use of hard-coded credentials and allows an attacker to log in to the web interface or Telnet service as the 'user' user...
CVE-2023-40717
A use of hard-coded credentials vulnerability (CWE-798) in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...
CVE-2023-40717
CVE-2023-40717 concerns FortiTester versions 2.3.0–7.2.3, where a hard-coded credentials flaw (CWE-798) could let an attacker who gains a shell on the device access the database via shell commands. The Red Hat and PTSecurity entries confirm the vulnerable platform and a local access path to reach...
FortiTester Trust Management Issues Vulnerabilities
FortiTester is a Fortinet professional-based network traffic testing tool from FortiTester, Inc. A security vulnerability exists in FortiTester versions 2.3.0 through 7.2.3; it stems from the use of hard-coded credentials, which could allow an attacker who successfully obtai...
CVE-2023-39422 Use of Hard-coded Credentials in multiple /irmdata/api/ endpoints
The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticate requests using HMAC tokens. These tokens are, however, exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless...
CVE-2023-39421 Use of Hard-coded Credentials in RDPWin.dll
The RDPWin.dll component, as used in the IRM Next Generation booking engine, includes a set of hard-coded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services...
CVE-2023-39420 Use of Hard-coded Credentials in RDPCore.dll
The RDPCore.dll component, as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file. Once reverse-engineered, this routine can help an attacker generate the...
CVE-2023-32619
Archer C50 firmware versions prior to 'Archer C50JPV3230505' and Archer C55 firmware versions prior to 'Archer C55JPV1230506' use hard-coded credentials to log in to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command...