CVE-2019-10479

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface...

CVE-2019-10479

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface...

CVE-2019-10479

The CVE-2019-10479 entry concerns Glory RBW-100 devices running ISP-K05-02 7.0.0 firmware, where a hard-coded username and password allow a remote attacker to gain admin access to the Front Circle Controller web interface. The vulnerability enables full administrative privileges (impact: high/cri...

NC450 1.5.0 Build 181022 Rel.3A033D Hardcoded Credentials

Summary: The NC450 is your favorable companion that meets to home and office surveillance needs, keeping you in touch with what matters most. With its smooth and durable Pan/Tilt of up to 300/110 degrees, you can turn the camera to almost any position you want and watch over a wider area of your...

Hardcoded credentials

Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new...

CVE-2014-5434

Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new...

CVE-2014-5434

The CVE-2014-5434 entry concerns Baxter’s SIGMA Spectrum Infusion System: version 6.05 (model 35700BAX) with Wireless Battery Module (WBM) version 16, which contains a default, hard-coded credential used with FTP. The vulnerability allows remote access in some vectors (three vulnerabilities remot...

CVE-2019-3497

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authenticatio...

CVE-2019-3496

An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostictoolscontroller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authenticati...

CVE-2019-3495

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be...

CVE-2019-3497

The CVE-2019-3497 issue affects Wifi-soft UniBox controller 0.x–2.x. The Diagnostic Tools’ tools/ping feature is vulnerable to Remote Command Execution, enabling an attacker to run arbitrary system commands as root. Authentication for this component can be bypassed using hard-coded credentials. T...

CVE-2019-3497

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authenticatio...

CVE-2019-3496

An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostictoolscontroller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authenticati...

CVE-2019-3496

The CVE-2019-3496 entry describes a Remote Command Execution vulnerability in Wifi-soft UniBox controller 3.x, specifically affecting the Diagnostic Tools Controller at tools/controller/diagnostic_tools_controller. The flaw allows an attacker to execute arbitrary system commands with root privile...

CVE-2019-3495

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be...

CVE-2019-3495

The CVE-2019-3495 entry describes a vulnerability in Wifi-soft UniBox controller (0.x–2.x) where the component network/mesh/edit-nds.php allows arbitrary file upload, enabling an attacker to upload .php files and execute code on the server with root privileges. Authentication to access this compo...

CVE-2019-3918

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces...

CVE-2019-3918

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces...

CVE-2019-3918

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces...

CVE-2019-3918

The CVE-2019-3918 entry concerns the Alcatel Lucent I-240W-Q GPON ONT with firmware 3FE54567BOZJ19, which contains multiple hard coded credentials for Telnet and SSH interfaces. The vulnerability is supported by multiple sources: NVD details show a network-facing issue with high impact (C/H/I/A) ...