EUVD-2025-205867

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. T...

CVE-2025-15371

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. T...

CVE-2025-15371 Tenda i24 Shadow File hard-coded credentials

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. T...

CVE-2025-15371 Tenda i24 Shadow File hard-coded credentials

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. T...

CVE-2025-15371

Affected products: Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to version 65.10.15.6. Root cause: manipulation of the Shadow File component via input Fireitup, enabling hard-coded credentials. Local access required. Public exploit details exist. Remediation: upgrade to a...

EUVD-2023-60534

Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms...

PT-2025-54267

Name of the Vulnerable Software and Affected Versions Tenda i24 versions prior to 65.10.15.7 Tenda 4G03 Pro versions prior to 65.10.15.7 Tenda 4G05 versions prior to 65.10.15.7 Tenda 4G08 versions prior to 65.10.15.7 Tenda G0-8G-PoE versions prior to 65.10.15.7 Tenda Nova MW5G versions prior to...

PT-2025-54425

Name of the Vulnerable Software and Affected Versions Cypress Solutions CTM-200/CTM-ONE version 1.3.6 Description The software contains a hard-coded credential issue in its Linux distribution, exposing root access. An attacker can exploit the static password 'Chameleon' to gain remote root access...

Tenda多款产品 信任管理问题漏洞

Tenda i24 and others are products of Tenda, a Chinese company. tenda i24 is a wireless router. tenda 4G03 is a wireless router tenda 4G05 is a wireless router. A trust management issue vulnerability exists in various Tenda products.The vulnerability stems from incorrect operation of the Shadow Fi...

Cypress CTM-ONE 信任管理问题漏洞

The Cypress CTM-ONE is a wireless LTE gateway from Cypress Canada. A trust management issue vulnerability exists in Cypress CTM-ONE version 1.3.6, which stems from the presence of hard-coded credentials in the Linux distribution that could allow an attacker to gain remote root access...

CVE-2023-53983

Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms...

PT-2025-54252

Name of the Vulnerable Software and Affected Versions Anevia Flamingo XL/XS version 3.6.20 Description The software contains a critical issue involving weak default administrative credentials. Attackers can easily guess these credentials to gain full remote system control without complex...

SOUND4多款产品 信任管理问题漏洞

SOUND4 IMPACT and others are products of SOUND4, a French company.SOUND4 IMPACT is a professional broadcast audio processor.SOUND4 FIRST is an audio processor for broadcasting.SOUND4 PULSE is an audio processor. A trust management issue vulnerability exists in various SOUND4 products that stems...

CVE-2019-25241

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

CVE-2019-25241

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

CVE-2018-25138

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

CVE-2018-25138

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

CVE-2019-25241 FaceSentry Access Control System 6.4.8 Remote SSH Root Access

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

CVE-2018-25138 FLIR AX8 Thermal Camera 1.32.16 Hard-Coded Credentials Authentication Bypass

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

CVE-2018-25138 FLIR AX8 Thermal Camera 1.32.16 Hard-Coded Credentials Authentication Bypass

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...