Warning! Seagate Wireless Hard Drives Have a Secret Backdoor for Hackers

Several of Seagate's 3rd generation Wireless Hard drives have a secret backdoor for hackers that puts users' data at risk. A Recent study done by the security researchers at Tangible Security firm disclosed an “undocumented Telnet services” with a hard-coded password in Seagate Wireless Hard...

Basware Banking Trust Management Vulnerability (CNVD-2015-05813)

Basware Banking Maksuliikenne is a suite of software from the Finnish company Basware that establishes connections with banks to manage their own finances. A security vulnerability exists in Basware Banking version 8.90.07 and earlier, which stems from the use of hard-coded passwords for ANCO...

Basware Banking Trust Management Vulnerability (CNVD-2015-05812)

Basware Banking Maksuliikenne is a suite of software from the Finnish company Basware that establishes connections with banks to manage their own finances. A security vulnerability exists in Basware Banking version 8.90.07 and earlier, which stems from the use of hard-coded passwords for accounts...

Seagate and LaCie wireless storage products contain multiple vulnerabilities

Overview Multiple Seagate wireless storage products contain multiple vulnerabilities. Description CWE-798: Use of Hard-coded Credentials - CVE-2015-2874 Some Seagate wireless storage products provide undocumented Telnet services accessible by using the default credentials of 'root' as username an...

Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities

Overview The Phillipine Long Distance Telephone PLDT company provides internet access in the Phillippines. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities. The BaudTec ADSL2+ Router may also be affected. Description PLDT provides SpeedSurf 504AN,...

Moxa OnCell Central Manager Vulnerabilities

OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative ZDI concerning hardcoded credentials and authentication bypass vulnerabilities in Moxa’s OnCell Central Manager Software. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi. Moxa has released a...

CERT Warns of Hard-Coded Credentials in DSL SOHO Routers

DSL routers from a number of manufacturers contain hard-coded credentials that could allow a hacker to access the devices via telnet services and remotely control them. An advisory published Tuesday by the DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University said...

Mobile Devices C4 OBD2 Dongle Privilege Access Vulnerability (CNVD-2015-05628)

The Mobile Devices aka MDI C4 OBD2 Dongle is a programmable OBD2 solution from the French company Mobile Devices. A security vulnerability exists in the Mobile Devices C4 OBD2 Dongle that stems from the program's use of hard-coded SSH certificates. The vulnerability can be exploited by a remote...

Actiontec GT784WN Modem Privilege Gain Vulnerability

The Actiontec GT784WN is a DSL Digital Subscriber Line modem router from Actiontec USA. A security vulnerability exists in Actiontec GT784WN modems using firmware versions prior to NCS01-1.0.13, which stems from the program's use of hard-coded certificates. A remote attacker could exploit the...

DSL routers contain hard-coded "XXXXairocon" credentials

Overview DSL routers by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone PLDT, and ZTE contain hard-coded "XXXXairocon" credentials Description CWE-798: Use of Hard-coded Credentials DSL routers, including the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine...

KAKO HMI Hardcoded Password Security Bypass Vulnerability

KAKO HMI is a Scada HMI. The KAKO HMI has a built-in hard-coded password that allows a remote attacker to exploit a vulnerability to bypass authentication mechanisms and gain access to affected devices...

Xceedium Xsuite Hardcoded Credentials Vulnerability

Xceedium Xsuite is a unified identity management solution from Xceedium that provides access control, monitoring and logging capabilities for hybrid cloud environments. The solution supports access control policies based on roles or individual users. Xceedium Xsuite suffers from a hard-coded...

Schneider Electric Modicon M340 PLC Station P34 Module HMI Vulnerabilities

Update Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON. The Industrial Control System Cyber Emergency Response Team ICS-CERT released an alert late last week and patches are currently being validated according to ICS-CE...

Mobile Devices C4 ODB2 dongle contains multiple vulnerabilities

Overview Mobile Devices C4 OBD2 dongle, and potentially other rebranded devices, contains multiple vulnerabilities Description The Mobile Devices C4 OBD2 dongle is the base model for several rebranded consumer devices, such as the Metromile pay-by-mile insurance dongle. These devices are plugged...

Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities

Overview Actiontec GT784WN Wireless N DSL Modem, versions NCS01-1.0.12 and earlier, contains multiple vulnerabilities. Description CWE-259: Use of Hard-coded Password - CVE-2015-2904Actiontec GT784WN Wireless N DSL Modem contains multiple hard-coded credentials that enable a user to log into the...

Sierra Wireless GX, ES, and LS gateways running ALEOS contain hard-coded credentials

Overview Sierra Wireless GX, ES, and LS gateway devices running ALEOS versions 4.4.1 and earlier contain hard-coded credentials. Description CWE-259: Use of Hard-coded Password - CVE-2015-2897Sierra Wireless GX, ES, and LS gateways running ALEOS contain multiple hard-coded accounts with root...

CVE-2011-5324

CVE-2011-5324 affects GE Healthcare Centricity PACS-IW via the TeraRecon server. CNVD/NVD records indicate built-in accounts in PACS-IW with a shared password for the shared user and a password for the scan user (versions 3.7.3.7/3.7.3.8 mentioned). This design enables remote attackers to use the...

N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password

Overview SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined. Description CWE-547: Use of Hard-coded, Security-relevant...

[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection

Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-08 Vendors contacted: AirLink101...

AirLive IP Surveillance Camera there is a command injection vulnerability, a large number of products affected-vulnerability warning-the black bar safety net

A large number of AirLive IP Surveillance Camera is exposed there is a command injection vulnerability, an attacker can use this vulnerability to steal user login credentials and control equipment. The vulnerability principle and scope of impact OvisLink company manufactured a large number of...