3819 matches found
Moxa OnCell Central Manager Server RequestController Remote Code Execution Vulnerability
Moxa OnCell Central Manager provides Web access to private IP network devices. A security vulnerability exists in the RequestController class of Moxa OnCell Central Manager in the login function that contains hard-coded credentials, which can be exploited by an attacker to compromise the affected...
(0Day) Moxa OnCell Central Manager Server RequestController Static Credentials Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa OnCell Central Manager Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RequestController class. The specific flaw exists within the...
GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Remote Code Execution Vulnerability
GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are both products of General Electric Company GE, U.S.A. GE Digital Energy MDS PulseNET is a suite of software applications for monitoring and controlling industrial communication network devices. Enterprise is an enterprise version of MD...
Adcon Telemetry A840 Vulnerabilities
OVERVIEW Independent researcher Aditya K. Sood has identified vulnerabilities in Adcon Telemetry’s A840 Telemetry Gateway Base Station. Adcon Telemetry has stated that the A840 is an obsolete product and is no longer supported. No patches or updates will be created for this product. Adcon Telemet...
TP-Link NC200/NC220 无线网络云摄像头硬编码漏洞
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: NC220 V1 1.0.28 Build 150629 Rel.22346 NC200 V1 2.0.15 Build 150701 Rel.20962 Summary: Designed with simplicity in mind, TP-LINK's...
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials Vulnerability
NC220 and NC200 utilizes hard-coded credentials within its Linux distribution image. These sets of credentials root:root are never exposed to the end-user and cannot be changed through any normal operation of the camera. TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor...
TP-Link NC200NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials
TP-Link NC200NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: NC220 V1 1.0.28 Build 150629 Rel.22346 NC200 V1 2.0.15 Buil...
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: NC220 V1 1.0.28 Build 150629 Rel.22346 NC200 V1 2.0.15 Build 150701 Rel.20962 Summary: Designed with simplicity in mind, TP-LINK's...
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: NC220 V1 1.0.28 Build 150629 Rel.22346 NC200 V1 2.0.15 Build 150701 Rel.20962 Summary: Designed with simplicity in mind, TP-LINK's...
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials
Summary Designed with simplicity in mind, TP-LINK's Cloud Cameras are a fast and trouble free way to keep track on what's going on in and around your home. Video monitoring, recording and sharing has never been easier with the use of TP-LINK’s Cloud service. The excitement of possibilities never...
Warning! Seagate Wireless Hard Drives Have a Secret Backdoor for Hackers
Several of Seagate's 3rd generation Wireless Hard drives have a secret backdoor for hackers that puts users' data at risk. A Recent study done by the security researchers at Tangible Security firm disclosed an “undocumented Telnet services” with a hard-coded password in Seagate Wireless Hard...
Seagate and LaCie wireless storage products contain multiple vulnerabilities
Overview Multiple Seagate wireless storage products contain multiple vulnerabilities. Description CWE-798: Use of Hard-coded Credentials - CVE-2015-2874 Some Seagate wireless storage products provide undocumented Telnet services accessible by using the default credentials of 'root' as username an...
Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities
Overview The Phillipine Long Distance Telephone PLDT company provides internet access in the Phillippines. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities. The BaudTec ADSL2+ Router may also be affected. Description PLDT provides SpeedSurf 504AN,...
Moxa OnCell Central Manager Vulnerabilities
OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative ZDI concerning hardcoded credentials and authentication bypass vulnerabilities in Moxa’s OnCell Central Manager Software. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi. Moxa has released a...
CERT Warns of Hard-Coded Credentials in DSL SOHO Routers
DSL routers from a number of manufacturers contain hard-coded credentials that could allow a hacker to access the devices via telnet services and remotely control them. An advisory published Tuesday by the DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University said...
DSL routers contain hard-coded "XXXXairocon" credentials
Overview DSL routers by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone PLDT, and ZTE contain hard-coded "XXXXairocon" credentials Description CWE-798: Use of Hard-coded Credentials DSL routers, including the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine...
Xceedium Xsuite Hardcoded Credentials Vulnerability
Xceedium Xsuite is a unified identity management solution from Xceedium that provides access control, monitoring and logging capabilities for hybrid cloud environments. The solution supports access control policies based on roles or individual users. Xceedium Xsuite suffers from a hard-coded...
Mobile Devices C4 ODB2 dongle contains multiple vulnerabilities
Overview Mobile Devices C4 OBD2 dongle, and potentially other rebranded devices, contains multiple vulnerabilities Description The Mobile Devices C4 OBD2 dongle is the base model for several rebranded consumer devices, such as the Metromile pay-by-mile insurance dongle. These devices are plugged...
Sierra Wireless GX, ES, and LS gateways running ALEOS contain hard-coded credentials
Overview Sierra Wireless GX, ES, and LS gateway devices running ALEOS versions 4.4.1 and earlier contain hard-coded credentials. Description CWE-259: Use of Hard-coded Password - CVE-2015-2897Sierra Wireless GX, ES, and LS gateways running ALEOS contain multiple hard-coded accounts with root...
[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection
Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-08 Vendors contacted: AirLink101...