3819 matches found
CVE-2021-31505
This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mod...
CVE-2021-31505
The CVE-2021-31505 entry affects Arlo Q Plus with firmware 1.9.0.3_278, where attackers with physical access can escalate privileges via the SSH service. The vulnerability allows the device to boot into a special operation mode that accepts hard-coded SSH credentials, enabling privilege escalatio...
CVE-2021-33531
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can...
CVE-2021-33531
The CVE-2021-33531 entry describes a vulnerability in Weidmueller Industrial WLAN devices where an undisclosed/undocumented encryption password enables hard-coded credentials in the device OS, allowing an attacker with low privileges to execute custom diagnostic scripts by sending them authentica...
CVE-2021-33531 WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can...
CVE-2021-33529 WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device...
CVE-2021-34812
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors...
Hardcoded credentials
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2021-34812
CVE-2021-34812 affects Synology Calendar: a vulnerability in the PHP component where hard-coded credentials allow remote attackers to obtain sensitive information. It is exploitable on Synology Calendar versions before 2.4.0-0761. Remediation is to upgrade to 2.4.0-0761 or later. Exploitation sta...
CVE-2021-31477
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain...
CVE-2021-31477
CVE-2021-31477 affects GE Reason RPV311 14A03. The vulnerability arises from hard-coded default credentials stored in the device firmware/filesystem, enabling remote attackers to execute arbitrary code with the download user context without authentication. Several sources (ZDI advisory ZDI-21-616...
Arlo Q Plus SSH Use of Hard-coded Credentials Privilege Escalation Vulnerability
This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where...
Bugs Lurking in Cisco UC Provisioning Platform
The Akkadian Provisioning Manager, which is used as a third-party provisioning tool within Cisco Unified Communications environments, has three high-severity security vulnerabilities that can be chained together to enable remote code execution (RCE) with elevated privileges, researchers said. They...
Advantech WISE-PaaS/RMM Trust Management Issue Vulnerability
Advantech WISE-PaaS/RMM is a remote monitoring and management platform for IoT devices from Advantech Taiwan, China. Advantech WISE-PaaS/RMM versions prior to 9.0.1 are vulnerable to a trust management issue that stems from the presence of hard-coded credentials in the dashboard. An unauthenticate...
CommScope Ruckus IoT Controller Trust Management Issue Vulnerability
The CommScope Ruckus IoT Controller is an IoT controller from CommScope, Inc., a virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A trust management issue vulnerability exists in the...