CVE-2025-62777

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands...

CVE-2025-62777

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands...

MZK-DP300N uses hard-coded credentials

Overview MZK-DP300N provided by PLANEX COMMUNICATIONS INC. contains the following vulnerability. Use of hard-coded credentials CWE-798 - CVE-2025-62777 Toshiki Iwasaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

CVE-2025-62777

The CVE-2025-62777 entry concerns Planex MZK-DP300N, affected when using firmware versions 1.07 and earlier. The underlying issue is hard-coded credentials, which could allow an attacker on the local network to log in via Telnet and execute arbitrary commands. Mitigation is to update the device f...

CVE-2025-62777

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands...

EUVD-2025-36436

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands...

CVE-2025-62777

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands...

PT-2025-44085

Name of the Vulnerable Software and Affected Versions MZK-DP300N versions 1.07 and earlier Description A security issue exists due to the use of hard-coded credentials. This may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands...

CVE-2025-41109 Use of Hard-coded Credentials vulnerability in Ghost Robotics' Vision 60

Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot'...

CVE-2025-41109 Use of Hard-coded Credentials vulnerability in Ghost Robotics' Vision 60

Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot'...

CVE-2025-41109

CVE-2025-41109 affects Ghost Robotics Vision 60 (v0.27.2). The issue arises from lack of authentication for physical interfaces (three RJ45s and a USB-C port). The device’s internal router automatically assigns IPs to any physically connected equipment, enabling an attacker who controls a rogue W...

Reolink desktop application 安全漏洞

Reolink desktop application is a security camera monitoring software from Reolink USA. A security vulnerability exists in Reolink desktop application version 8.18.12, which stems from the use of hard-coded credentials as initialization vectors in the AES-CFB encryption implementation, which could...

Work Examiner Professional 安全漏洞

Work Examiner Professional is an employee computer monitoring software from Work Examiner USA. A security vulnerability exists in Work Examiner Professional that stems from the use of weakly hard-coded credentials by the FTP server, which could lead to data modification or reading and remote code...

Vulnerabilities fixed in Moxa's network security devices

Moxa has fixed vulnerabilities in their network security devices. The vulnerabilities in Moxa's network security devices include improper authorization that allows unauthorized access to protected API endpoints, as well as an issue with access control mechanisms that can lead to privilege...

CVE-2025-6950

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens JWT used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid...

CVE-2025-6950

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens JWT used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid...

CVE-2025-6950

CVE-2025-6950 affects Moxa network security appliances and routers. The flaw is use of a hard-coded key to sign JWTs, enabling an unauthenticated attacker to forge tokens and impersonate any user, leading to complete compromise of the affected device (confidentiality, integrity, availability). Th...

EUVD-2025-34856

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens JWT used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid...

CVE-2025-6950

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens JWT used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid...

CVE-2025-6950

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens JWT used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid...