Hardcoded credentials

A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without a...

CVE-2018-4062

A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without a...

CVE-2018-4062

A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without a...

CVE-2018-4062

CVE-2018-4062 affects Sierra Wireless AirLink ES450 FW 4.9.3, in the SNMPD function. Activating SNMPD outside of the WebUI can trigger hard-coded credentials, exposing a privileged user. Public documents confirm this vulnerability and indicate the issue is part of a broader set of AirLink flaws (...

Orpak SiteOmat

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: Orpak acquired by Gilbarco Veeder-Root Equipment: SiteOmat Vulnerabilities: Use of Hard-coded Credentials, Cross-site Scripting, SQL Injection, Missing Encryption of...

Sierra Wireless AirLink ALEOS (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Sierra Wireless Equipment: AirLink ALEOS Vulnerabilities: OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type,...

GE Communicator

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: General Electric Equipment: Communicator Vulnerabilities: Uncontrolled Search Path, Use of Hard-coded Credentials, Improper Access Controls 2. RISK EVALUATION Successful exploitation of these...

Sierra Wireless AirLink ES450 SNMPD Hard-Coded Credentials Vulnerability

A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in a hard-coded, in the exposure of a privileged user. An attacker can activat...

Sierra Wireless AirLink ES450 SNMPD Hard-Coded Credentials

Talos Vulnerability Report TALOS-2018-0747 Sierra Wireless AirLink ES450 SNMPD hard-coded credentials vulnerability April 25, 2019 CVE Number CVE-2018-4062 Summary A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd...

Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450

Carl Hurd and Jared Rittle of Cisco Talos discovered these vulnerabilities. Executive summary Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws...

Sierra Wireless AirLink ES450 SNMPD hard-coded credentials vulnerability

Summary A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in a hard-coded, in the exposure of a privileged user. An attacker can...

CVE-2019-10688

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector BToE application 3.9.1, use hard-coded credentials to establish connections between the host application and the device...

CVE-2019-10688

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector BToE application 3.9.1, use hard-coded credentials to establish connections between the host application and the device...

CVE-2019-10688

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector BToE application 3.9.1, use hard-coded credentials to establish connections between the host application and the device...

CVE-2019-10688

Summary: CVE-2019-10688 affects VVX (Polycom) devices running UCS 5.9.2 or earlier with Better Together over Ethernet Connector (BToE) 3.9.1. A hard-coded credential vulnerability enables connections between the host application and the device, enabling potential unauthorized access. The CVSS met...

WAGO 750-88x Series and WAGO 750-87x Series Trust Management Issue Vulnerability

The WAGO 750-88x Series and WAGO 750-87x Series are both products of WAGO, Germany.The WAGO 750-88x Series is a 750-88x series programmable logic controller.The WAGO 750-87x Series is a 750-87x series programmable logic controller. A trust management issue vulnerability exists in the WAGO Series...

WAGO Series 750-88x and 750-87x

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WAGO Equipment: Series 750-88x and 750-87x Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION This vulnerability allows a remote attacker to change the settings or alter the...

Ubiquiti Networks EdgeSwitch X Access Control Error Vulnerability

The Ubiquiti Networks EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks, Inc. A trust management issue vulnerability exists in Ubiquiti Networks EdgeSwitch X v1.1.0 and prior versions. The vulnerability stems from the lack of an effective trust management mechanism in the netwo...

Siemens SIMATIC Panels and WinCC (TIA Portal)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC Runtime Advanced, WinCC Runtime Professional, WinCC TIA Portal; HMI Panels Vulnerabilities: Use of Hard-coded Credentials, Insufficient Protection of Credentials,...

MyCar Controls uses hard-coded credentials

Overview The MyCar Controls mobile applications prior to v3.4.24 on iOS and prior to v4.1.2 on Android contains hard-coded admin credentials. Description MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar add smartphone-controlled geolocation, remote start/stop...