
3819 matches found

OSV
added 2022/09/08 8:15 a.m. · 3 views

CVE-2022-38394

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command...

CVSS 9.8 · AI score 6 · EPSS 0.00913
Exploits: 0 · References: 2

NVD
added 2022/09/08 8:15 a.m. · 12 views

CVE-2022-38394

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command...

CVSS 9.8 · EPSS 0.00913
Exploits: 0 · References: 2

CVE
added 2022/09/08 7:10 a.m. · 58 views

CVE-2022-38394

CVE-2022-38394 affects CentreCOM AR260S V2 firmware prior to 3.3.7. The telnet service uses hard-coded credentials, enabling a remote unauthenticated attacker to execute arbitrary OS commands. Affected product is CentreCOM AR260S V2; remediation is to update to firmware 3.3.7 or later and/or disa...

CVSS 9.8 · AI score 9.6 · EPSS 0.00913
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2022/09/08 7:10 a.m. · 18 views

CVE-2022-38394

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command...

AI score 9.9 · EPSS 0.00913
Exploits: 0 · References: 2

Japan Vulnerability Notes
added 2022/09/02 9:8 a.m. · 2 views

Multiple vulnerabilities in Contec FLEXLAN FX3000 and FX2000 series

Overview FLEXLAN FX3000 and FX2000 series provided by Contec Co., Ltd. contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2022-36158 Use of Hard-coded Credentials CWE-798 - CVE-2022-36159 Thomas J. Knudsen and Samy Younsi of Necrum Security Labs reported these...

CVSS 8.8 · AI score 7.5 · EPSS 0.01431
Exploits: 2 · References: 10

ICS
added 2022/09/01 6:0 a.m. · 48 views

Contec Health CMS8000 Patient Monitor (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Contec Health Equipment: CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor Vulnerabilities: Improper Access Control, Uncontrolled Resource Consumption, Use of Hard-Coded Credentials, Active Debug Code 2. RISK EVALUATION...

CVSS 7.5 · AI score 7 · EPSS 0.00747
Exploits: 0 · References: 10

NVD
added 2022/08/31 4:15 p.m. · 13 views

CVE-2022-30318

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...

CVSS 9.8 · EPSS 0.01345
Exploits: 0 · References: 2

Prion
added 2022/08/31 4:15 p.m. · 15 views

Hardcoded credentials

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...

CVSS 7.5 · AI score 9.6 · EPSS 0.01345
Exploits: 0 · References: 2 · Affected Software: 2

CVE
added 2022/08/31 3:39 p.m. · 81 views

CVE-2022-30318

CVE-2022-30318 affects Honeywell ControlEdge (PLC/RTU) through R151.1, where the SSH service on port 22 uses root credentials that are hardcoded and not automatically changed at first commissioning. This creates a vulnerability to remote code execution, configuration manipulation, and denial of s...

CVSS 9.8 · AI score 9.5 · EPSS 0.01345
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2022/08/31 3:39 p.m. · 23 views

CVE-2022-30318

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...

AI score 9.8 · EPSS 0.01345
Exploits: 0 · References: 2

OSV
added 2022/08/30 5:15 a.m. · 2 views

CVE-2022-38116

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...

CVSS 9.8 · AI score 5.8 · EPSS 0.00948
Exploits: 0 · References: 1

CVE
added 2022/08/30 4:25 a.m. · 60 views

CVE-2022-38116

The CVE-2022-38116 entry concerns Le-yan Personnel and Salary Management System with hard-coded database credentials in the website source code, as documented across multiple sources (NVD/NVD-derived listings and CWE-style summaries). The root cause is embedded static credentials within the appli...

CVSS 9.8 · AI score 9.8 · EPSS 0.00948
Exploits: 0 · References: 1 · Affected Software: 1

ATTACKERKB
added 2022/08/30 4:4 a.m. · 1 view

CVE-2022-38116

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...

CVSS 9.8 · AI score 7.5 · EPSS 0.00948
Exploits: 0 · References: 2

ICS
added 2022/08/30 12:0 a.m. · 38 views

Honeywell ControlEdge

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: ControlEdge Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report known as “OT:ICEFALL” that details vulnerabilities found in multiple...

CVSS 9.8 · AI score 10 · EPSS 0.01345
Exploits: 0 · References: 5

Japan Vulnerability Notes
added 2022/08/29 8:37 a.m. · 2 views

Multiple vulnerabilities in CentreCOM AR260S V2

Overview CentreCOM AR260S V2 provided by Allied Telesis K.K. contains multiple vulnerabilities listed below. OS command injection vulnerability in GUI setting page CWE-78 - CVE-2022-35273 Use of hard-coded credentials for the telnet server CWE-798 - CVE-2022-38394 Undocumented hidden command that...

CVSS 9.8 · AI score 8.1 · EPSS 0.01536
Exploits: 0 · References: 14

Positive Technologies
added 2022/08/29 12:0 a.m. · 2 views

PT-2022-4624 · Centrecom · Centrecom Ar260S V2

Name of the Vulnerable Software and Affected Versions: CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 Description: The issue is related to the use of hard-coded credentials for the telnet server, allowing a remote unauthenticated attacker to execute an arbitrary OS command. This could...

CVSS 9.8 · AI score 9.5 · EPSS 0.00913
Exploits: 0 · References: 7

CNNVD
added 2022/08/29 12:0 a.m. · 3 views

Allied Telesis CentreCOM AR260S Trust Management Issue Vulnerability

The Allied Telesis CentreCOM AR260S is a basic VPN access router from Allied Telesis Japan. A security vulnerability exists in the Allied Telesis CentreCOM AR260S V2 version, which stems from the use of hard-coded credentials by the telnet service...

CVSS 9.8 · AI score 6.8 · EPSS 0.00913
Exploits: 0 · References: 4

Japan Vulnerability Notes
added 2022/08/29 12:0 a.m. · 58 views

JVN#45473612: Multiple vulnerabilities in CentreCOM AR260S V2

CentreCOM AR260S V2 provided by Allied Telesis K.K. contains multiple vulnerabilities listed below. OS command injection vulnerability in GUI setting page CWE-78 - CVE-2022-35273 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

CVSS 9.8 · AI score 9.3 · EPSS 0.01536
Exploits: 0

Zero Day Initiative
added 2022/08/23 12:0 a.m. · 33 views

(Pwn2Own) Softing Secure Integration Server Use of Default Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of user accounts. The configuration contains...

CVSS 9.8 · AI score 3.6 · EPSS 0.00851
Exploits: 0 · References: 1

OSV
added 2022/08/19 12:0 a.m. · 20 views

GHSA-MJ5W-W588-J6XG Use of Hard-coded Credentials in AgileConfig.Client

Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...

CVSS 9.8 · AI score 9.6 · EPSS 0.01109
Exploits: 0 · References: 3