8069 matches found
CVE-2021-32525
The same hard-coded password in QSAN Storage Manager's firmware allows remote attackers to access the control interface with the administrator’s credential, entering the hard-coded password of the debug mode to execute the restricted system instructions. The referred vulnerability has been...
Hardcoded credentials
A use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contacting QSAN and referring to the recommendations in QSAN Document...
CVE-2021-32535
QSAN SANOS contains a hard-coded default-credentials flaw that allowed unauthenticated remote attackers to gain administrator privileges and execute arbitrary functions. A fix is available in SANOS v2.1.0. The vulnerability is documented across multiple sources (NVD, CVE, CVE List) with high to c...
CVE-2021-32525 QSAN Storage Manager - Use of Hard-coded Password-2
The same hard-coded password in QSAN Storage Manager's firmware allows remote attackers to access the control interface with the administrator’s credential, entering the hard-coded password of the debug mode to execute the restricted system instructions. The referred vulnerability has been...
CVE-2021-32525
The CVE-2021-32525 issue affects QSAN Storage Manager (QSAN NAS OS) with hard-coded credentials in firmware up to version 3.3.1 (build 202101041800). The root cause is a hard-coded administrator credential in the debug mode password, allowing remote actors to access the control interface and exec...
CVE-2021-32521 QSAN Storage Manager, XEVO, SANOS - Use of Hard-coded Password
Use of the MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Suggest contacting QSAN and referring to the recommendations in QSAN Document...
CVE-2021-32520
The CVE-2021-32520 entry concerns QSAN Storage Manager (QSAN NAS OS) and a hard-coded cryptographic key vulnerability. The root cause is use of a hard-coded encryption key, which could allow an attacker to obtain user credentials and related permissions. The available documents consistently descr...
CVE-2021-33218
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...
CVE-2021-33218
CVE-2021-33218 affects CommScope Ruckus IoT Controller
QSAN Storage Manager Trust Management Issue Vulnerability
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A security vulnerability exists in QSAN Storage Manager that stems from the use of a hard-coded encryption key and that could be exploited by an attacker to gain access to user credentials and...
Joomla! Code Issue Vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A code issue vulnerability exists in Joomla! 2.5.0 - 3.9.27. The vulnerability stems from a hard-coded ACL check for superuser missing from the install operation in com_installer, which can be exploited to execute...
QSAN Storage Manager Trust Management Issue Vulnerability
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A hard-coded credentials vulnerability exists in QSAN Storage Manager version 3.3.1 build 202101041800 and prior versions. An attacker can exploit this vulnerability to open the control interface via the...
QSAN SANOS Trust Management Issue Vulnerability
QSAN SANOS is the SAN storage management operating system from QSAN China. It comes with a refreshingly simple and easy-to-use Web GUI and can be easily deployed into any infrastructure. A trust management issue vulnerability exists in QSAN SANOS, which stems from the presence of hard-coded defau...
CVE-2021-24005
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...
Hardcoded credentials
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...
CVE-2021-24005
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...
CVE-2021-24005
FortiAuthenticator is affected by CVE-2021-24005 due to use of hard-coded cryptographic keys to encrypt configuration files and debug logs. The root cause is the presence of a hard-coded key that can allow an attacker with access to the files or CLI configuration to decrypt sensitive data. Affect...
CVE-2021-31505
This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mod...
CVE-2021-31505
This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mod...
CVE-2021-31505
The CVE-2021-31505 entry affects Arlo Q Plus with firmware 1.9.0.3_278, where attackers with physical access can escalate privileges via the SSH service. The vulnerability allows the device to boot into a special operation mode that accepts hard-coded SSH credentials, enabling privilege escalatio...