Lucene search

8070 matches found

NVD
added 2022/03/10 5:47 p.m. · 20 views

CVE-2022-25213

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...

CVSS 7.2 · EPSS 0.00363
Exploits 1 · References 1

VulnCheck KEV
added 2022/03/08 12:0 a.m. · 7 views

VulnCheck KEV: CVE-2021-44207

Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel...

CVSS 8.1 · AI score 7.9 · EPSS 0.17578
Exploits 0 · References 1

ICS
added 2022/03/08 12:0 a.m. · 160 views

PTC Axeda agent and Axeda Desktop Server (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Axeda agent, Axeda Desktop Server Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor,...

CVSS 10 · AI score 8.5 · EPSS 0.03897
Exploits 0 · References 5

CVE
added 2022/03/07 9:55 p.m. · 93 views

CVE-2022-25213

CVE-2022-25213 describes improper physical access control and hard-coded credentials in /etc/passwd that allow an attacker with physical access to obtain a root shell via an unprotected UART port, which also exposes an unauthenticated Das U-Boot BIOS shell. The description applies to devices with...

CVSS 7.2 · AI score 6.5 · EPSS 0.00363
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2022/03/07 9:55 p.m. · 16 views

CVE-2022-25213

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...

AI score 6.7 · EPSS 0.00363
Exploits 1 · References 1

Cvelist
added 2022/03/07 9:49 p.m. · 23 views

CVE-2022-25217

Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetd_startup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...

AI score 7.8 · EPSS 0.00324
Exploits 1 · References 1

CVE
added 2022/03/07 9:49 p.m. · 103 views

CVE-2022-25217

CVE-2022-25217 involves hard-coded RSA keys in telnetd_startup on Phicomm/K2 and K3C firmware. A local attacker within the LAN can obtain a root shell by leveraging the leaked private key to trigger telnetd_startup via scripted UDP exchanges, spawning an unauthenticated root telnet shell. Concret...

CVSS 7.8 · AI score 7.6 · EPSS 0.00324
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2022/03/07 12:0 a.m. · 6 views

PT-2022-17152 · Phicomm · K2 Firmware +1

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned, so the description is: Device affected versions not specified Description: The issue concerns improper physical access control and the use of hard-coded credentials in /etc/passwd. This allows an...

CVSS 7.2 · AI score 6.4 · EPSS 0.00363
Exploits 1 · References 2

CNVD
added 2022/03/04 12:0 a.m. · 22 views

Home Owners Collection Management System Trust Management Issue Vulnerability

Home Owners Collection Management System, a homeowner collection management system, is vulnerable to a trust management issue stemming from Home Owners Collection Management System v1.0. System v1.0 was found to contain hard-coded credentials, which could be exploited by an attacker to escalate...

CVSS 9.8 · AI score 3.9 · EPSS 0.01287
Exploits 1 · References 1

ICS
added 2022/03/03 12:0 a.m. · 46 views

BD Viper LT

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company BD Equipment: Viper LT Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access, modify, or delete...

CVSS 8 · AI score 7.6 · EPSS 0.00228
Exploits 0 · References 4

ICS
added 2022/03/03 12:0 a.m. · 31 views

BD Pyxis

1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Becton, Dickinson and Company BD Equipment: Pyxis Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to electronic protected health information ePHI or other...

CVSS 7 · AI score 6.2 · EPSS 0.00224
Exploits 0 · References 4

CNNVD
added 2022/03/02 12:0 a.m. · 4 views

Home Owners Collection Management System Trust Management Issue Vulnerability

Home Owners Collection Management System, a homeowner collection management system, is vulnerable to a trust management issue stemming from Home Owners Collection Management System v1.0. System v1.0 was found to contain hard-coded credentials, which could be exploited by an attacker to escalate...

CVSS 9.8 · AI score 8.3 · EPSS 0.01287
Exploits 1 · References 3

Securelist
added 2022/03/01 1:30 p.m. · 11 views

Elections GoRansom – a smoke screen for the HermeticWiper attack

Executive summary On February 24, 2022, Avast Threat Research published a tweet announcing the discovery of new Golang ransomware, which they called HermeticRansom. This malware was found around the same time the HermeticWiper was found, and based on publicly available information from security...

AI score 6.9
Exploits 0

GithubExploit
added 2022/02/24 1:40 p.m. · 632 views

Exploit for Use of Hard-coded Credentials in Qxip Homer_Webapp

CVE-2022-22845-Exploit Exploit for CVE...

CVSS 9.8 · AI score 9.7 · EPSS 0.03811
Exploits 1

ICS
added 2022/02/24 12:0 a.m. · 108 views

Schneider Electric Easergy P5 and P3

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Easergy P5 and P3 --------- Begin Update A Part 1 of 4 --------- Vulnerabilities: Use of Hard-Coded Credentials, Classic Buffer Overflow, and Improper Input Validation --------- End Update A...

CVSS 8.8 · AI score 8.7 · EPSS 0.02822
Exploits 0 · References 4

CNNVD
added 2022/02/23 12:0 a.m. · 4 views

Celartem Extensis Portfolio Trust Management Issue Vulnerability

Celartem Extensis Portfolio is a digital asset management solution from Celartem Japan. A trust management issue vulnerability exists in Celartem Extensis Portfolio versions 3.0.0 through 3.6.3, which stems from the presence of hard-coded credentials in the main portal and administrator portal. A...

CVSS 9 · AI score 8 · EPSS 0.01637
Exploits 1 · References 6

CNNVD
added 2022/02/22 12:0 a.m. · 7 views

Trend Micro ServerProtect Trust Management Issue Vulnerability

Trend Micro ServerProtect is an enterprise-grade anti-virus program from Trend Micro, Inc. It is designed to protect Internet-connected storage systems and block threats at their source. Trend Micro ServerProtect suffers from a trust management issue vulnerability that originates from the presenc...

CVSS 9.8 · AI score 8.5 · EPSS 0.02646
Exploits 0 · References 6

OSV
added 2022/02/21 6:15 p.m. · 2 views

CVE-2021-27797

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system...

CVSS 9.8 · AI score 7.3 · EPSS 0.01326
Exploits 2 · References 1

NVD
added 2022/02/21 6:15 p.m. · 11 views

CVE-2021-27797

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system...

CVSS 9.8 · EPSS 0.01326
Exploits 2 · References 1

CVE
added 2022/02/21 5:49 p.m. · 95 views

CVE-2021-27797

CVE-2021-27797 affects Brocade Fabric OS. Versions prior to 8.2.1c, 8.1.2h, and all 8.0.x/7.x releases contain documented hard-coded credentials, enabling access to the system. The root cause is hard-coded admin credentials; impact is high (partial/complete confidentiality, integrity, and availab...

CVSS 9.8 · AI score 9.4 · EPSS 0.01326
Exploits 2 · References 1 · Affected Software 1