
3819 matches found

Positive Technologies
added 2023/02/23 12:0 a.m. · 4 views

PT-2023-20655 · Unknown · Thingsboard

Name of the Vulnerable Software and Affected Versions: ThingsBoard version 3.4.1 Description: The issue allows a remote attacker to gain elevated privileges due to hard-coded service credentials being stored in an insecure format. To exploit this, an attacker would need access to the application...

CVSS 8.1 · AI score 8.2 · EPSS 0.01129
Exploits 0 · References 5

Vulnrichment
added 2023/02/23 12:0 a.m. · 11 views

CVE-2023-26462

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials usable for privilege escalation are stored in an insecure format. To read this stored data, the attacker needs access to the application server or its source code...

AI score 8.2 · EPSS 0.01129
Exploits 0 · References 2

CNNVD
added 2023/02/21 12:0 a.m. · 2 views

ProLink PRS1841 Trust Management Issue Vulnerability

The ProLink PRS1841 is a router from ProLink Singapore. A security vulnerability exists in the Prolink PRS1841 that stems from the IT Telnet and FTP services containing hard-coded credentials...

CVSS 9.8 · AI score 8.4 · EPSS 0.01525
Exploits 1 · References 4

Tenable Nessus
added 2023/02/17 12:0 a.m. · 26 views

WAGO Series 750-88x and 750-87x Use of Hard-Coded Credentials (CVE-2019-10712)

The Web-GUI on WAGO Series 750-88x 750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889 and Series 750-87x 750-830, 750-849, 750-871, 750-872, 750-873 devices has undocumented service access. This plugin only works with Tenable.ot. Please visit...

CVSS 9.8 · AI score 8.4 · EPSS 0.02763
Exploits 0 · References 11

Vulnrichment
added 2023/02/13 4:28 p.m. · 12 views

CVE-2022-3089 EnOcean SmartServer Hard-coded credentials

Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...

CVSS 6.3 · AI score 6.7 · EPSS 0.0025
Exploits 0 · References 1

Cvelist
added 2023/02/13 4:28 p.m. · 22 views

CVE-2022-3089 EnOcean SmartServer Hard-coded credentials

Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...

CVSS 6.3 · AI score 9.5 · EPSS 0.0025
Exploits 0 · References 1

CNNVD
added 2023/02/10 12:0 a.m. · 2 views

Key-Systems Global Facilities Management Software Trust Management Issue Vulnerability

Key-Systems Global Facilities Management Software Key-Systems GFMS is a global facilities management software from Key-Systems. A security vulnerability exists in Key Systems Management Global Facilities Management Software GFMS version 3 that stems from the use of hard-coded credentials, resulti...

CVSS 9.1 · AI score 8.2 · EPSS 0.00822
Exploits 0 · References 2

ICS
added 2023/02/07 12:0 a.m. · 35 views

EnOcean SmartServer

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low attack complexity Vendor: EnOcean Edge Inc, a subsidiary of EnOcean GmbH Equipment: SmartServer with i.LON Vision Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

CVSS 9.8 · AI score 8.1 · EPSS 0.0025
Exploits 0 · References 3

OSV
added 2023/02/01 4:15 a.m. · 3 views

CVE-2022-42973

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when a local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA, APC...

CVSS 7.8 · AI score 5.8 · EPSS 0.00163
Exploits 0 · References 1

Prion
added 2023/02/01 4:15 a.m. · 17 views

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when a local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA, APC...

CVSS 4.3 · AI score 7.8 · EPSS 0.00163
Exploits 0 · References 1 · Affected Software 2

Vulnrichment
added 2023/02/01 12:0 a.m. · 6 views

CVE-2022-42973

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when a local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA, APC...

CVSS 7.8 · AI score 7.8 · EPSS 0.00163
Exploits 0 · References 1

CNNVD
added 2023/02/01 12:0 a.m. · 5 views

Schneider Electric Easy UPS Online Monitoring Software Trust Management Issue Vulnerability

Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from Schneider Electric France. Schneider Electric Easy UPS Online Monitoring Software suffers from a trust management issue vulnerability that stems from a use of hard-coded credentials vulnerability that could...

CVSS 7.8 · AI score 7.4 · EPSS 0.00163
Exploits 0 · References 2

Cvelist
added 2023/02/01 12:0 a.m. · 24 views

CVE-2022-42973

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when a local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA, APC...

CVSS 7.8 · AI score 8 · EPSS 0.00163
Exploits 0 · References 1

CVE
added 2023/02/01 12:0 a.m. · 48 views

CVE-2022-42973

Schneider Electric APC Easy UPS Online Monitoring Software (and APC Easy UPS Online Monitoring Software) versions prior to V2.5-GA, V2.5-GA-01-22261, V2.5-GS, or GS-01-22261 are affected by CVE-2022-42973 (CWE-798): use of hard-coded credentials in the database, enabling local privilege escalatio...

CVSS 7.8 · AI score 7.7 · EPSS 0.00163
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/01/26 12:0 a.m. · 2 views

Multiple Baicells Nova Products Trust Management Issue Vulnerability

Baicells Nova 227 is a miniature base station. Baicells Nova 233 is a miniature base station. Baicells Nova 243 is a miniature base station. A trust management issue vulnerability exists in the Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB device firmware prior to RTS/RTD 3.7.11.6. The...

CVSS 10 · AI score 8.4 · EPSS 0.01557
Exploits 0 · References 5

Positive Technologies
added 2023/01/19 12:0 a.m. · 4 views

PT-2023-1287 · D Link · D-Link Dap-2020 +1

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 affected versions not specified D-Link DAP-2020 affected versions not specified Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of D-Link routers. The specific flaw...

CVSS 8.8 · AI score 8.9 · EPSS 0.00916
Exploits 0 · References 6

Prion
added 2023/01/18 7:15 a.m. · 14 views

Hardcoded credentials

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contains a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain LDAP user privileges...

CVSS 7.5 · AI score 9.4 · EPSS 0.00419
Exploits 0 · References 1 · Affected Software 1

GitLab Advisory Database
added 2023/01/06 12:0 a.m. · 23 views

Use of Hard-coded Credentials

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...

CVSS 9.8 · AI score 9 · EPSS 0.69667
Exploits 1 · References 6 · Affected Software 1

CNNVD
added 2023/01/05 12:0 a.m. · 3 views

Hitachi FOXMAN-UN Trust Management Issue Vulnerability

Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Japan. A security vulnerability exists in Hitachi FOXMAN-UN, which stems from the fact that its message queue contains hard-coded credentials that allow an attacker to access data from the internal message queue...

CVSS 7.1 · AI score 5.7 · EPSS 0.00211
Exploits 0 · References 4

NVD
added 2023/01/03 3:15 a.m. · 15 views

CVE-2022-47618

Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in to the administrator page to manipulate the system or disrupt service...

CVSS 9.8 · AI score 9.6 · EPSS 0.01022
Exploits 0 · References 1