HP ArcSight SmartConnector CWSAPI SOAP Service Using Hardcoded Passwords Vulnerability

HP ArcSight SmartConnector is a log collector product from Hewlett-Packard HP, USA. A security vulnerability exists in the HP ArcSight SmartConnector's CWSAPI SOAP service that stems from the program's use of hard-coded passwords. An attacker could exploit the vulnerability to obtain administrato...

ZTE ZXHN H108N R1A routers contain multiple vulnerabilities

Overview ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.hPE, and ZXV10 W300 router, version W300V1.0.0fER1PE, contain multiple vulnerabilities. Description CWE-200: Information Exposure - CVE-2015-7248 Multiple information exposure vulnerabilities enable an attacker to obtain credentials...

HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password

Overview The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password. Description CWE-295: Improper Certificate Validation - CVE-2015-2902The ArcSight SmartConnector fails to validate the certificate of the upstream Logger device it is...

GE Multilink Switch Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-013-04 GE MultiLink Switch Vulnerabilities that was published January 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Eireann Leverett of IOActive has identified three...

EMC SourceOne Email Supervisor Hard-Coded Password Vulnerability

EMC SourceOne Email Supervisor is an email and IM content monitoring and management solution. EMC SourceOne Email Supervisor suffers from a reverse engineering vulnerability in its implementation. An attacker could exploit this vulnerability to take control of an affected system via a hard-coded...

Moxa OnCell Central Manager Server RequestController Remote Code Execution Vulnerability

Moxa OnCell Central Manager provides Web access to private IP network devices. A security vulnerability exists in the RequestController class of Moxa OnCell Central Manager in the login function that contains hard-coded credentials, which can be exploited by an attacker to compromise the affected...

ZOHO ManageEngine OpManager Hardcoded Credentials Vulnerability

ZOHO ManageEngine OpManager is network performance management software. A hard-coded credentials vulnerability exists in ZOHO ManageEngine OpManager. A remote attacker could exploit this vulnerability to gain administrator access...

EasyIO EasyIO-30P-SF Controller Hardcoding Vulnerability

The EasyIO EasyIO-30P-SF is a 32-bit controller for DDC Direct Digital Control systems. The EasyIO EasyIO-30P-SF controller uses hard-coded passwords that allow remote attackers to exploit vulnerabilities for unauthorized access...

(0Day) Moxa OnCell Central Manager Server RequestController Static Credentials Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa OnCell Central Manager Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RequestController class. The specific flaw exists within the...

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Remote Code Execution Vulnerability

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are both products of General Electric Company GE, U.S.A. GE Digital Energy MDS PulseNET is a suite of software applications for monitoring and controlling industrial communication network devices. Enterprise is an enterprise version of MD...

Adcon Telemetry A840 Vulnerabilities

OVERVIEW Independent researcher Aditya K. Sood has identified vulnerabilities in Adcon Telemetry’s A840 Telemetry Gateway Base Station. Adcon Telemetry has stated that the A840 is an obsolete product and is no longer supported. No patches or updates will be created for this product. Adcon Telemet...

TP-Link NC200/NC220 无线网络云摄像头硬编码漏洞

TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: NC220 V1 1.0.28 Build 150629 Rel.22346 NC200 V1 2.0.15 Build 150701 Rel.20962 Summary: Designed with simplicity in mind, TP-LINK's...

TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials Vulnerability

NC220 and NC200 utilizes hard-coded credentials within its Linux distribution image. These sets of credentials root:root are never exposed to the end-user and cannot be changed through any normal operation of the camera. TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor...

Impero Education Pro is vulnerable

Impero Education Pro is an education management solution from Impero, Inc. that integrates classroom management, desktop management, and computer monitoring software into one package. Impero Education Pro versions prior to 5105 have a security vulnerability. Since the program uses hard-coded CBC...

TP-Link NC200NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials

TP-Link NC200NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: NC220 V1 1.0.28 Build 150629 Rel.22346 NC200 V1 2.0.15 Buil...

TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials

TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: NC220 V1 1.0.28 Build 150629 Rel.22346 NC200 V1 2.0.15 Build 150701 Rel.20962 Summary: Designed with simplicity in mind, TP-LINK's...

TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials

Summary Designed with simplicity in mind, TP-LINK's Cloud Cameras are a fast and trouble free way to keep track on what's going on in and around your home. Video monitoring, recording and sharing has never been easier with the use of TP-LINK’s Cloud service. The excitement of possibilities never...

TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials

TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: NC220 V1 1.0.28 Build 150629 Rel.22346 NC200 V1 2.0.15 Build 150701 Rel.20962 Summary: Designed with simplicity in mind, TP-LINK's...

Impero Education Pro classroom management software vulnerable to remote code execution

Overview Impero Software Education Pro classroom management software is vulnerable to remote code execution via improper encryption and authentication mechanisms. Description CWE-321: Use of Hard-coded Cryptographic KeyCWE-329: Not Using a Random IV with CBC Mode - CVE-2015-5997 According to the...

Hikvision a network camera to the anonymous user to bypass the login permissions-bug warning-the black bar safety net

Network Camera firmware internal for the convenience of visitors to access, curing an anonymous account, which in most cases is disabled, but can be a base64 hard-coded way to create a cookie to bypass the login permissions review. User: anonymous Password：\1 7 7\1 7 7\1 7 7\1 7 7\1 7 7\1 7 7 !...