8034 matches found
ZModo ZP-NE14-S DVR and ZP-IBH-13W Recorder Security Bypass Vulnerability
The ZModo ZP-NE14-S DVR and the ZModo ZP-IBH-13W are both digital video recorders from ZModo China. A security bypass vulnerability exists in the ZModo ZP-NE14-S DVR and ZP-IBH-13W video recorders, which stems from the program's use of hard-coded certificates. A remote attacker could exploit the...
Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials
Overview The Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-5081 According to the reporter, the Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain undocumented credentials for...
AB Rockwell Automation MicroLogix 1400 Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0184 AB Rockwell Automation MicroLogix 1400 Code Execution Vulnerability August 11, 2016 CVE Number CVE-2016-5645 Description An exploitable Use of Hard-coded Credentials Undocumented Community String vulnerability exists in the SNMP functionality of...
Crestron Electronics DM-TXRX-100-STR Hardcoded Password Vulnerability
The Crestron Electronics DM-TXRX-100-STR is a multimedia streaming codec. The Crestron Electronics DM-TXRX-100-STR 1.3039.00040 has a hard-coded password for the admin account. This could allow a remote attacker to gain access through the web management interface...
Crestron Electronics DM-TXRX-100-STR Man-in-the-Middle Attack Vulnerability
The Crestron Electronics DM-TXRX-100-STR is a multimedia streaming codec. The Crestron Electronics DM-TXRX-100-STR 1.3039.00040 uses a hard-coded X.509 certificate from the OpenSSL Test Certification Authority. This allows a man-in-the-middle attacker to spoof a server and obtain sensitive...
Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities
Overview Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and...
Iris ID IrisAccess iCAM4000/iCAM7000 - Hard-Coded Credentials Remote Shell Access
Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Credentials Remote Shell Access Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/irisaccesssystem/irisaccess4000/...
Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability
OVERVIEW Independent researcher He Congwen has identified a hard-coded password vulnerability in Schneider Electric’s PowerLogic PM8ECC device. Schneider Electric has produced a patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following...
Unspecified Vulnerability in Schneider Electric Pelco Digital Sentry Video Management System
Schneider Electric Pelco Digital Sentry Video Management System is a video recording system from Schneider Electric France. A security vulnerability exists in the Schneider Electric Pelco Digital Sentry Video Management System using firmware prior to version 7.13, which stems from the program's u...
GSX Analyzer 10.12/11 - main.swf Hard-Coded Superadmin Credentials
Exploit Title: GSX Analyzer hardcoded superadmin credentials in Main.swf Google Dork: inurl:"/Main.swf?cachebuster=" need to manually look for stringtitle "Loading GSX Analyzer ... 0%" Date: 12-07-16 Exploit Author: ndevnull Vendor...
GSX Analyzer 10.12/11 - 'main.swf' Hard-Coded Superadmin Credentials
Exploit Title: GSX Analyzer hardcoded superadmin credentials in Main.swf Google Dork: inurl:"/Main.swf?cachebuster=" need to manually look for stringtitle "Loading GSX Analyzer ... 0%" Date: 12-07-16 Exploit Author: ndevnull Vendor Homepage: http://www.gsx.com/products/gsx-analyzer Software Link:...
Trane ComfortLink II Privilege Access Vulnerability
Trane ComfortLink II is a set of connection control components for use in home intelligence systems from Trane UK. A privilege-acquisition vulnerability exists in the Trane ComfortLink II using firmware version 2.0.2, which originates from the program's installation of user credentials with a...
Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass
Overview The Netgear D6000 and D3600 routers are vulnerable to authentication bypass and contain hard-coded cryptographic keys embedded in their firmware. Description CWE-321: Use of Hard-coded Cryptographic Key -- CVE-2015-8288 The firmware for these devices contains a hard-coded RSA private key,...
IBM Security Guardium Database Activity Monitor Information Disclosure Vulnerability
IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. A security vulnerability exists in IBM Security Guardium Database...
Fonality FTP Hardcoding Vulnerability
Fonality is an open source telephone switch solution with integrated VoIP and CRM features. Fonality FTP uses hard-coded usernames and passwords, a security vulnerability that allows remote attackers to log in as 'nobody' and obtain a shell...
Configuration option control vulnerability in various GE products
GE ML800 and others are Ethernet switch products from General Electric (GE). Various GE products use hard-coded certificates, allowing a remote attacker to exploit the vulnerability to gain administrator privileges for device configuration and control all available configuration options through a w...
Fonality contains a hard-coded password and embedded SSL private key
Overview Fonality (previously trixbox Pro) version 12.6 and later uses a hard-coded password, and the accompanying HUDweb plugin embeds a private SSL key. Description CWE-259: Use of Hard-coded Password - CVE-2016-2362 According to the reporter, FTP is used to sync phone configurations for users, by...
Lorex ECO DVR Backdoor Account
1. ADVISORY INFORMATION Product: Lorex ECO DVR Vendor URL: https://www.lorextechnology.com/ Type: Hard coded password CWE-259 Date found: 2016-05-04 Date published: 2016-05-30 CVE: - 2. CREDITS This vulnerability w...
MEDHOST Perioperative Information Management System Unauthorized Operation Vulnerability
MEDHOST Perioperative Information Management System (PIMS) is a suite of solutions covering surgical treatment, nursing care and other services from MEDHOST, Inc. that includes an anesthesia information management system (AIMS), remote host control and streamlined patient tracking. A security...
MEDHOST Perioperative Information Management System contains hard-coded database credentials
Overview MEDHOST Perioperative Information Management System (PIMS) versions prior to 2015R1 contain hard-coded credentials that are used for customer database access. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-4328 MEDHOST PIMS, previously branded as VPIMS, contains hard-coded...