162 matches found
Security Bulletin: Backdoor Access Vulnerability in IBM System Networking Products (CVE-2014-4752)
Summary: Backdoor access discovered on IBM System Networking Switches. Vulnerability Details. Abstract: Backdoor access discovered on IBM System Networking Switches. Content. Vulnerability Details: CVEID: CVE-2014-4752. Description: It has been reported that the firmware that runs on some of the IBM...
CVE-2018-1959
IBM Security Identity Manager Virtual Appliance 7.0.1 is affected by CVE-2018-1959 due to hard-coded credentials used for inbound authentication/outbound communication or data encryption. Affected versions: 7.0.1 – 7.0.1.10. Impact per IBM: Confidentiality impact high; other impacts not reported....
Shamoon Reappears, Poised for a New Wiper Attack
A new version of the Shamoon data-wiping malware has emerged, marking the third time the destructive virus has been seen in the wild – and researchers believe a new campaign may be imminent. First spotted in 2012 in the attack on Saudi Aramco, Shamoon has the ability to destroy files on infected...
CVE-2018-15753
An issue was discovered in the MensaMax aka com.breustedt.mensamax application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password...
Hardcoded credentials
The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services...
CVE-2018-14901
The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services...
Hardcoded credentials
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
CVE-2017-13108 DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
Hardcoded credentials
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials
Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...
CVE-2018-12323
CVE-2018-12323 affects Momentum Axel 720P 5.1.8 devices. A hard-coded password (EHLGVG) exists for the root and admin accounts, enabling physically proximate attackers to log in at the console. This is a local/physical access issue with high impact on confidentiality, integrity, and availability ...
CVE-2018-0329
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded,...
CVE-2018-10167
TP-Link EAP Controller and Omada Controller (Windows) versions 2.5.4_Windows and 2.6.0_Windows are affected by CVE-2018-10167 due to a hard-coded cryptographic key used to encrypt the web app backup file. A low-privilege user can decrypt and modify the backup to escalate privileges, including cre...
Korenix JetNet
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Korenix Equipment: JetNet Vulnerabilities: Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials AFFECTED PRODUCTS The following versions of JetNet, an Ethernet switch, are affected: JetNet5018G version...
CVE-2016-8731
CVE-2016-8731 affects Foscam C1 IP Camera firmware 1.9.1.12, where hard-coded FTP credentials (user: r, pass: r) allow remote FTP access to the camera if port 50021 is reachable. Public analysis confirms the vulnerability enables remote login to the camera’s FTP service and mounted SD card, with ...
Hardcoded credentials
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded...
CVE-2017-8077
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware...
WePresent WiPG-1500 - Backdoor Account
WePresent WiPG-1500 - Backdoor Account Exploit Title: CVE-2017-6351 - WePresent undocumented privileged manufacturer backdoor account Date: 27/02/2017 Exploit Author: Quentin Olagne Vendor Homepage: http://www.wepresentwifi.com/ or http://www.awindinc.com/productswepresentwipg1500.html Software...
CVE-2016-8954
IBM dashDB Local (v1.0.0–v1.3.1) is affected by CVE-2016-8954 due to hard-coded credentials that could allow a remote attacker to access the Docker container or the database. The IBM security bulletin confirms a high-severity flaw (CVSS v3 base 9.8) with remote, unauthenticated access leading to ...
Crestron AM-100 1.2.1 Path Traversal / Hard-Coded Credentials
Crestron AM-100 Multiple Vulnerabilities. Date: 2016-08-01 Exploit Author: Zach Lanier Vendor Homepage: https://www.crestron.com/products/model/am-100 Version:...