8034 matches found

CVE
added 2017/04/23 4:0 p.m. | 46 views

CVE-2017-8077

The CVE-2017-8077 issue affects the TP-Link TL-SG108E (firmware 1.1.2 Build 20141017 Rel.50749, 1.0). A hard-coded ciphering key (starts with Ei2HNryt) in the firmware is cited as the root cause. Red Hat and CNVD entries corroborate a vulnerability due to hard-coded encryption keys, with document...

CVSS 7.5 | AI score 7.5 | EPSS 0.00437
Exploits 1 | References 1 | Affected Software 1

Talos
added 2017/04/21 12:0 a.m. | 143 views

Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability

Summary An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged root account with hard-coded credentials, giving attackers full control of affected devices...

CVSS 10 | AI score 9.4 | EPSS 0.00353
Exploits 1

CNVD
added 2017/04/18 12:0 a.m. | 2 views

Schneider Electric SoMachine Basic and Schneider Electric Modicon TM221CE16R Security Bypass Vulnerability

Schneider Electric SoMachine Basic and Schneider Electric Modicon TM221CE16R are both products of Schneider Electric France. The former is a programming and debugging interface for all components on the control platform; the latter is a programmable controller. A security vulnerability exists in...

CVSS 9.8 | AI score 6.8 | EPSS 0.0027
Exploits 0 | References 1

CNVD
added 2017/04/13 12:0 a.m. | 2 views

Multiple Marel Products Security Bypass Vulnerabilities

The Marel SensorX25 X-ray Machine and other products from Marel Iceland are used in the medical industry to provide a wide range of medical tests. A security bypass vulnerability exists in a number of Marel products and stems from the program's use of hard-coded certificates. A remote attacker...

CVSS 10 | AI score 7.1 | EPSS 0.00545
Exploits 0 | References 1

ICS
added 2017/04/13 12:0 a.m. | 64 views

Schneider Electric Modicon M221 PLCs and SoMachine Basic (Update A)

CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: Modicon M221 PLCs and SoMachine Basic Vulnerability: Use of Hard-Coded Cryptographic Key, Protection Mechanism Failure UPDATE INFORMATION This updated...

CVSS 10 | AI score 9.8 | EPSS 0.01623
Exploits 1 | References 3

CNVD
added 2017/04/12 12:0 a.m. | 3 views

Hardcoded Credentials Vulnerability in Multiple Foscam Devices

Foscam is the world's leading provider of home security IP cameras. A security vulnerability exists in the use of the same hard-coded SSL private key for Foscam networked devices across different customer installations. A remote attacker could utilize another installation with knowledge of this k...

CVSS 8.1 | AI score 6.9 | EPSS 0.00621
Exploits 0 | References 1

Exploit DB
added 2017/04/07 12:0 a.m. | 75 views

Intellinet NFC-30IR Camera - Multiple Vulnerabilities

Bitcrack Cyber Security - BitLabs Advisory http://www.bitcrack.net Multiple Vulnerabilities in Intellinet NFC-30IR Network Cameras ADVISORY -------- Title: Local File Inclusion in CGI-SCRIPT & Hard-Coded Manufacturer Backdoor Advisory ID: BITL-17-001 Date published: 2017-04-05 Date of last update...

CVSS 9.8 | AI score 7.3 | EPSS 0.1129
Exploits 5

exploitpack
added 2017/04/07 12:0 a.m. | 42 views

Intellinet NFC-30IR Camera - Multiple Vulnerabilities

Intellinet NFC-30IR Camera - Multiple Vulnerabilities Bitcrack Cyber Security - BitLabs Advisory http://www.bitcrack.net Multiple Vulnerabilities in Intellinet NFC-30IR Network Cameras ADVISORY -------- Title: Local File Inclusion in CGI-SCRIPT & Hard-Coded Manufacturer Backdoor Advisory ID:...

CVSS 7.5 | AI score 0.4 | EPSS 0.1129
Exploits 5

CNVD
added 2017/04/06 12:0 a.m. | 2 views

Schneider Modicon M221CE16R Hard-Coded Vulnerability

The Modicon M221CE16R is an all-in-one programmable controller from Schneider Electric Co. The Schneider Modicon M221CE16R is vulnerable to a hard-coded vulnerability where XML files are AES-CBC encrypted, but the key used for encryption is hard-coded and cannot be changed. After decrypting the X...

AI score 7
Exploits 0 | References 1

ICS
added 2017/04/04 12:0 a.m. | 41 views

Marel Food Processing Systems (Update A)

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Marel Equipment: Food Processing Systems Vulnerabilities: Hard-Coded Passwords, Unrestricted Upload, Improper Access Control UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

CVSS 10 | AI score 0.5 | EPSS 0.00627
Exploits 0 | References 31

ICS
added 2017/04/04 12:0 a.m. | 68 views

Marel Food Processing Systems (Update B)

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Marel Equipment: Food Processing Systems Vulnerabilities: Hard-Coded Passwords, Unrestricted Upload, Improper Access Control UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled...

CVSS 9.8 | AI score 10 | EPSS 0.00627
Exploits 0 | References 2

ICS
added 2017/04/04 12:0 a.m. | 284 views

Marel Food Processing Systems

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Marel Equipment: Food Processing Systems Vulnerabilities: Hard-Coded Passwords, Unrestricted Upload AFFECTED PRODUCTS The following Marel food processing products are affected: M3000 terminal associated with the...

CVSS 10 | AI score 1.2 | EPSS 0.00627
Exploits 0 | References 27

android
added 2017/04/01 12:0 a.m. | 35 views

CVE-2014-9931

A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value...

CVSS 9.3 | AI score 5.9 | EPSS 0.0018
Exploits 0 | References 2

Packet Storm
added 2017/03/27 12:0 a.m. | 40 views

Github Enterprise Default Session Secret And Deserialization

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Github Enterprise Default Session Secret And Deserialization Vulnerability", 'Description' = %q This module exploits two securi...

AI score 0.6
Exploits 0

Exploit DB
added 2017/03/27 12:0 a.m. | 51 views

Github Enterprise - Default Session Secret and Deserialization (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Github Enterprise Default Session Secret And Deserialization Vulnerability", 'Description' = %q This module exploits two securi...

AI score 7.4
Exploits 0

ICS
added 2017/03/23 12:0 a.m. | 32 views

ICSMA-17-082-01_BD Kiestra PerformA and KLA Journal Service Applications Hard-Coded Passwords Vulnerability

OVERVIEW Becton, Dickinson and Company BD has identified a hard-coded password vulnerability in BD’s Kiestra PerformA and KLA Journal Service applications that access the BD Kiestra Database. BD has produced compensating controls to reduce the risk of exploitation of the identified vulnerability ...

CVSS 9.8 | AI score 9.8 | EPSS 0.00525
Exploits 0 | References 2

CNVD
added 2017/03/03 12:0 a.m. | 2 views

Hard-coded credential vulnerability in multiple Veritas products

Veritas NetBackup Appliance is an enterprise-class backup management appliance; NetBackup Server is a set of enterprise-class backup management servers that can run on multiple operating systems. A hard-coded credential vulnerability exists in multiple Veritas products. An attacker could exploit...

CVSS 9.8 | AI score 6.9 | EPSS 0.0064
Exploits 0 | References 1

CNVD
added 2017/03/02 12:0 a.m. | 1 views

WePresent WiPG-1500 Backdoor Vulnerability

WePresent WiPG-1500 is a new gateway by AWIND, WiPG-1500 connects multi-platform devices Windows / Mac / Pad / Smartphone / AirPad for interactive presentations by supporting finger touch technology and virtual whiteboard. WePresent WiPG-1500 has a backdoor vulnerability. An attacker can connect ...

CVSS 9.3 | AI score 7 | EPSS 0.08978
Exploits 4 | References 1

CNVD
added 2017/03/02 12:0 a.m. | 1 views

IBM QRadar SIEM Local Hardcoded Credential Information Disclosure Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A local hard-coded...

CVSS 7.8 | AI score 6 | EPSS 0.00025
Exploits 0 | References 1

CNVD
added 2017/02/28 12:0 a.m. | 0 views

Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches Hard-Coded Encryption Key Vulnerability

Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches are both industrial Ethernet managed switches from Red Lion Controls, USA. A hard-coded encryption key vulnerability exists in Red Lion Controls Sixnet-Managed Industrial Switches version 5.0.196 and earlier...

AI score 6.8
Exploits 0 | References 1