Hard-coded credentials vulnerability in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains hard-coded credentials. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

Hard-coded credentials vulnerability in Toshiba Home gateway HEM-GW16A firmware

TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A are both home gateway products from Toshiba Japan. A hard-coded credentials vulnerability exists in the TOSHIBA Home Gateway HEM-GW26A using firmware version HEM-GW26A-FW-V1.2.0 and earlier and the TOSHIBA Home Gateway HEM-GW16A...

JVN#85901441: Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Non-documented developer's screen CWE-912 - CVE-2017-2234 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N| Base Score: 2.4 CVSS v2|...

CVE-2016-8731

Hard-coded FTP credentials r:r are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device...

CVE-2016-8731

CVE-2016-8731 affects Foscam C1 IP Camera firmware 1.9.1.12, where hard-coded FTP credentials (user: r, pass: r) allow remote FTP access to the camera if port 50021 is reachable. Public analysis confirms the vulnerability enables remote login to the camera’s FTP service and mounted SD card, with ...

PT-2017-9770 · Foscam · Foscam C1

Name of the Vulnerable Software and Affected Versions: Foscam C1 version 1.9.1.12 Description: The issue concerns hard-coded FTP credentials, specifically r:r, included in the firmware. This could allow remote access to cameras connected to the internet without port 50021 blocked by an intermedia...

finecmsV5.0.8 \finecms\dayrui\controllers\Api.php getshell

Vulnerability in the C:\phpStudy\WWW\finecms\dayrui\controllers\Api. in php data2 function, approximately in the line 115, the problematic code about 178 rows public function data2 $data = array; // Route authentication if defined'SYSREFERER' && strlenSYSREFERER $http = $SERVER'HTTPREFERER' ?...

Cisco Elastic Services Controller Default Administrator Credentials Vulnerability

Cisco Elastic Services Controller is a cloud and systems management solution. Cisco Elastic Services Controllers has a security vulnerability in the ConfD CLI implementation that stems from the presence of a default, weak, hard-coded password for the admin user on the affected system. A remote...

Schneider Electric U.motion Builder Embedded Session ID Authentication Bypass Vulnerability

U.motion Builder is a builder product from Schneider Electric France. A session ID authentication bypass vulnerability exists in Schneider Electric U.motion Builder Embedded. The application has a hard-coded static session ID.By embedding the session ID in an HTTP cookie, an attacker can bypass t...

Schneider Electric U.motion Builder Hardcoded Remote Code Execution Vulnerability

U.motion Builder is a builder product from Schneider Electric France. A hard-coded remote code execution vulnerability exists in Schneider Electric U.motion Builder. The web service comes with a hidden system account that contains hard-coded passwords. An attacker could exploit the vulnerability ...

(0Day) Schneider Electric U.motion Builder Hard-Coded Password Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. The specific flaw exists within the configuration of the product. The web service comes with a hidden system account with a hard-coded password. An attacker can...

Foscam camera FTP server account hard-coded password vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera FTP server account has a hard-coded password vulnerability due to the built-in FTP user password being hard-coded and empty. An attacker can exploit the...

Hard-coded Passwords Make Hacking Foscam ‘IP Cameras’ Much Easier

Security researchers have discovered over a dozen of vulnerabilities in tens of thousands of web-connected cameras that can not be protected just by changing their default credentials. Vulnerabilities found in two models of IP cameras from China-based manufacturer Foscam allow attackers to take...

Cisco Elastic Services Controller Insecure Default Credentials Vulnerability

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user. The vulnerability is due to the existence of a default, weak, hard-coded password for the Linux admin user of an affected system. A successf...

Cisco Ultra Services Framework Element Manager Insecure Default Credentials Vulnerability

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device. The vulnerability is due to weak, hard-coded credentials of the admin and oper user...

CVE-2017-6039

A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device...

CVE-2017-6039

A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device...

CVE-2017-6039

A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device...

CVE-2017-6039

CVE-2017-6039 affects Phoenix Broadband PowerAgent SC3 BMS (PowerAgent SC3 Site Controller). The root cause is a hard-coded password in all versions prior to v6.87, enabling unauthorized access to the device. The vulnerability is described as remote, with CVSSv3 base score 5.3 (AV:N/AC:L/PR:N/UI:...

Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller

CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Phoenix Broadband Technologies LLC Equipment: PowerAgent SC3 Site Controller Vulnerability: Use of Hard-Coded Password AFFECTED PRODUCTS Phoenix Broadband Technologies LLC reports that the following versions of...