GE MultiLink Series Hard-coded Credential Vulnerability
OVERVIEW GE has identified a hard-coded credential vulnerability in GE’s MultiLink series managed switches. GE has produced new firmware versions to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following MultiLink products are affected: GE ML8...
Monkey race ray! RSA conference badge scanning application broke vulnerability-vulnerability warning-the black bar safety net
Recently, security researchers at the company BLUE BOX found that the badge-scanning app used at the RSA 2016 conference contains a hard-coded default password. This year, RSA 2016 participants will get a unique surprise: the conference, as many manufacturers offer a Samsung...
Netis/Netcore Router Hard-Coded Backdoor
A backdoor in Netis/Netcore routers has been reported. The routers are protected by a single hard-coded password. The exploitation of this backdoor could compromise the network protected by the device...
Sixnet BT Series Hard-coded Credentials Vulnerability
OVERVIEW Independent researcher Neil Smith has identified a hard-coded credential vulnerability in Sixnet’s BT series routers. Sixnet has produced patches and new firmware to mitigate this vulnerability. This vulnerability could be exploited remotely. Exploits that target this vulnerability are...
QNAP Systems iArtist Lite Hardcoding Vulnerability
QNAP Systems iArtist Lite is a suite of ad editing software for QNAP NAS. QNAP Systems iArtist Lite uses hard-coded FTP accounts and passwords, allowing remote attackers to sniff the network for FTP transfer data...
QNAP Signage Station and iArtist Lite contain multiple vulnerabilities
Overview The QNAP Signage Station prior to version 2.0.1 and the accompanying iArtist Lite application contain multiple vulnerabilities. Description CWE-434: Unrestricted Upload of File with Dangerous Type - CVE-2015-6022 An authenticated attacker without administrative permissions may upload a...
D-Link DVG-N5402SP Privilege Acquisition Vulnerability
The D-Link DVG-N5402SP is a wireless router product from AUO D-Link for voice, fax and shared wireless Internet over IP networks. A security vulnerability exists in the D-Link DVG-N5402SP that stems from the program's use of hard-coded certificates. An attacker could exploit the vulnerability to...
AMX Multiple Products Credential Management Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-049-02 AMX Multiple Products Credential Management Vulnerabilities that was published February 18, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- ICS-CERT has become aware of...
Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials
Overview Digital Video Recorders (DVRs), security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password. Description CWE-259: Use of Hard-coded Password - CVE-2015-8286 According to the reporter, DVR devices bas...
Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password
Overview Swann network video recorder (NVR) devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs. Description CWE-259: Use of Hard-coded Password - CVE-2015-8286 According to the researcher, the Swann SRNVW-470LCD and Swann...
The vulnerability of the microprogramming software in the remote control system for solar panels, SMA Solar Sunny WebBox, allows an intruder to gain access to the device.
The vulnerability of the microprogramming software in the SMA Solar Sunny WebBox remote control system includes hard-coded default passwords. Exploiting this vulnerability could allow a malicious actor to gain access to the device remotely...
MGASA-2016-0053 Updated socat packages fix security vulnerability
In socat before 2.0.0-b9, in the OpenSSL address implementation, the hard coded 1024 bit DH p parameter was not prime. It may be possible for an eavesdropper to recover the shared secret from a key exchange (CVE-2016-2217). In socat before 2.0.0-b9, a stack overflow vulnerability was found that can...
OpenELEC and RasPlex have a hard-coded SSH root password
Overview OpenELEC and derivatives utilize a hard-coded default root password, and enable SSH root access by default. Description CWE-259: Use of Hard-coded Password OpenELEC has a hard-coded root password. The root partition is by default read-only, preventing a user from changing the password on...
Westermo Industrial switches hard-coded certificate vulnerability
Westermo Industrial Switches is an industrial Ethernet switch product from Westermo, Sweden. A security vulnerability exists in Westermo Industrial switches that allows remote attackers to conduct man-in-the-middle attacks and gain unauthorized access to the device...
Unspecified Vulnerability in Harman AMX
Harman AMX is a series of conversion controller products from Harman USA. A security vulnerability exists in the 'setUpSubtleUserAccount' function in the /bin/bw URI in versions of Harman AMX prior to 2016-01-20, which stems from the use of a hard-coded password for the 1MB@tMaN account. A remote...
Cisco Modular Encoding Platform D9036 Software Insecure Default Password Vulnerability
Cisco Modular Encoding Platform D9036 Software is application software from Cisco (United States), based on the D9036 modular encoding platform, for improving video quality. A security vulnerability exists in versions of Cisco Modular Encoding Platform D9036 Software prior to 02.04.70, which ste...
Unspecified vulnerability in Harman AMX (CNVD-2016-00786)
Harman AMX is a series of conversion controller products from Harman USA. A security vulnerability exists in the 'setUpSubtleUserAccount' function in the /bin/bw URI in versions of Harman AMX prior to 2015-10-12, which stems from the use of hard-coded passwords for BlackWidow accounts. A remote...
Lenovo eggplant fast pass (Lenovo ShareIT) is exposed to many vulnerabilities-vulnerability warning-the black bar safety net
Lenovo ShareIT (eggplant fast pass) has been shown to contain a hard-coded password, information leakage, unencrypted sensitive information, and unauthorized-access vulnerabilities. The bugs were submitted by security researcher Ivan Huertas of the Core Security Consulting team; this report from the same team of...
Oh Snap! Lenovo protects your Security with '12345678' as Hard-Coded Password in SHAREit
What do you expect a tech giant to protect your backdoor security with? Holy Cow! It's "12345678" as a Hard-Coded Password. Yes, Lenovo was using one of the most obvious, awful passwords of all time as a hard-coded password in its file sharing software SHAREit that could be exploited by anyone wh...
Lenovo SHAREit App Hard-Coded Password
Lenovo today has patched a number of vulnerabilities that jeopardize private data, which are largely enabled by a simple hard-coded password in a freely available file-sharing application. The flaws were found in the Lenovo ShareIT application for Android and Windows by researchers at Core...