8034 matches found
D-Link DGS-1100 Switch Local Hardcoded SSL Certificate Vulnerability
The D-Link DGS-1100 is an Ethernet switch from AUO D-Link. A security vulnerability exists in D-Link DGS-1100 devices using firmware version 1.01.018, which stems from the program's use of a hard-coded SSL private key. An attacker can exploit the vulnerability by hijacking an HTTPS session to...
FTC: D-Link Failed to Secure Routers, IP Cameras
The Federal Trade Commission acknowledged on Thursday that it takes the security of the so-called internet of things seriously when it leveraged a complaint against one of the more popular router manufacturers. The lawsuit, filed at the U.S. District Court for the Northern District of California,...
SAP Download Manager Information Disclosure Vulnerability
SAP Download Manager is a set of Java applications developed by the German company SAP for downloading software packages and support comments. A security vulnerability exists in SAP Download Manager version 2.1.142 and prior versions, which arises from the program's use of a hard-coded encryptio...
PT-2016-2997 · Siemens · Sicam Pas
Name of the Vulnerable Software and Affected Versions: Siemens SICAM PAS versions prior to 8.00 Description: The issue is related to a factory account with hard-coded passwords in SICAM PAS installations. This could allow attackers to gain privileged access to the database over Port 2638/TCP. The...
Advantech SUSIAccess Server Local Elevation of Privilege Vulnerability
SUSIAccess is an easy-to-use remote device management software solution. A local elevation of privilege vulnerability exists in Advantech SUSIAccess Server. The admin password is stored on the system and encrypted using a hard-coded static key in the program. An attacker can exploit the...
IBM BigFix Remote Control Local Information Disclosure Vulnerability
IBM BigFix Remote Control is a set of remote control systems from IBM in the United States. A security vulnerability exists in IBM BigFix Remote Control 9.1.2 and earlier versions. A local attacker could exploit the vulnerability to discover hard-coded credentials...
Siemens SICAM PAS Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-01 Siemens SICAM PAS Vulnerabilities that was published December 1, 2016, on the NCCIC/ICS-CERT web site. Siemens has released an advisory to inform its users on how to mitigate vulnerabilities that affect...
SIEMENS SICAM PAS Arbitrary File Access Vulnerability
SICAM PAS is an energy automation solution for the operation of substation equipment. It has open communication interfaces for power system control and control of industrial power supply equipment. An arbitrary file access vulnerability exists in SIEMENS SICAM PAS. Due to the use of hard-coded...
Crestron AM-100 1.2.1 Path Traversal / Hard-Coded Credentials
================================================================= Crestron AM-100 Multiple Vulnerabilities ================================================================= Date: 2016-08-01 Exploit Author: Zach Lanier Vendor Homepage: https://www.crestron.com/products/model/am-100 Version:...
AMX Multiple Products Credential Management Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-049-02 AMX Multiple Products Credential Management Vulnerabilities that was published February 18, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- ICS-CERT has become aware of...
Lynxspring JENEsys BAS Bridge Authentication Bypass Vulnerability
Lynxspring is a US-based company. BAS Bridge is a web-based SCADA system. BAS servers are deployed in areas such as commercial facilities, manufacturing, energy, water and wastewater systems and many more. An authentication bypass vulnerability exists in Lynxspring JENEsys BAS Bridge. Due to the la...
Fortinet FortiWLC Hard-Coded Security Bypass Vulnerability
Fortinet FortiWLC is a wireless controller from Fortinet. A hard-coding security bypass vulnerability exists in Fortinet FortiWLC, which could be exploited by an attacker to gain access to the system and obtain sensitive information...
Django Hardcoded Password Security Bypass Vulnerability
Django is an open source Web application framework from the Django Software Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system and so on. Django has a hard-coded password security bypass vulnerability that can be exploited by an...
Westermo Industrial Switch Hard-coded Certificate Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-028-01 Westermo Industrial Switch Hard-Coded Certificate Vulnerability that was published January 28, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Neil Smith has identified a hard-coded certifica...
InfraPower PPS-02-S Q213V1 Hard-Coded Credentials Remote Root
InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a FREE built-i...
InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials Vulnerability
Exploit for hardware platform in category remote exploits InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...
InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials
InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03...
InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials
InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a FREE built-i...
Huawei OceanStor 5600 Product Hardcoded SSH Key Vulnerability
Huawei OceanStor 5600 is a storage product from Huawei China. The Huawei OceanStor 5600 product suffers from a hard-coded SSH key vulnerability. The SSH protocol is used for encrypted communication between the nodes of the device, and since the SSH public and private keys are stored in hard-coded...