Hardcoded credentials

The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E all firmware versions prior to v04A00.1...

CVE-2021-27440

Summary: CVE-2021-27440 concerns GE Reason DR60 firmware with a hard-coded password used for inbound authentication or outbound communication to external components in all versions before 02A04.1. Affected product/versions (as stated): Reason DR60 firmware prior to 02A04.1. Root cause (as describ...

CVE-2021-27440

The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 all firmware versions prior to 02A04.1...

CVE-2021-27438

The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 all firmware versions prior to 02A04.1...

CVE-2021-27438

CVE-2021-27438 concerns GE Reason DR60 firmware prior to 02A04.1, where externally influenced input can be used to construct code segments, enabling a code injection vulnerability. The vulnerability affects the DR60 digital fault recorder, with impact described as allow code execution through cra...

CVE-2021-27452

The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E all firmware versions prior to v04A00.1...

CVE-2021-27452

CVE-2021-27452 affects GE MU320E firmware prior to v04A00.1. The vulnerability is a hard-coded password that could allow an attacker with local access to take control of the merging unit. Affected product: MU320E (all firmware versions before v04A00.1). Remediation: GE-recommended upgrade to v04A...

PT-2021-17452 · Unknown · Reason Dr60

Name of the Vulnerable Software and Affected Versions: Reason DR60 versions prior to 02A04.1 Description: The software contains a hard-coded password used for inbound authentication or outbound communication to external components. Recommendations: For versions prior to 02A04.1, update to version...

PT-2021-17459 · Mu320E · Mu320E

Name of the Vulnerable Software and Affected Versions: MU320E versions prior to v04A00.1 Description: The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials. Recommendations: For versions prior to v04A00.1,...

GE Reason DR60 Hardcoded Password Vulnerability

The Reason DR60 is a centralized, all-in-one multi-function digital fault recorder DFR from GE. A hard-coded password vulnerability exists in GE Reason DR60 firmware versions prior to 02A04.1. No details of the vulnerability are provided at this time...

GE MU320E Hardcoded Password Vulnerability

The MU320E is a process interface unit from GE with integrated analog and digital merge interfaces. A hard-coded password vulnerability exists in GE MU320E firmware prior to version 04A00.1. An attacker could exploit this vulnerability to take control of the Merge Unit...

Critical Flaws Affecting GE's Universal Relay Pose Threat to Electric Utilities

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of critical security shortcomings in GE's Universal Relay UR family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain...

Grid Solutions GE Reason DR60 信任管理问题漏洞

The Reason DR60 is a centralized, all-in-one multi-function digital fault recorder DFR from GE. A hard-coded password vulnerability exists in GE Reason DR60 firmware versions prior to 02A04.1. No details of the vulnerability are provided at this time...

GE MU320E

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: MU320E Vulnerabilities: Use of Hard-coded Password, Execution with Unnecessary Privileges, Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of these...

GE Reason DR60

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Reason DR60 Vulnerabilities: Hard-coded Password, Code Injection, Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

Grid Solutions GE Reason DR60 信任管理问题漏洞

The MU320E is a process interface unit from GE with integrated analog and digital merge interfaces. A hard-coded password vulnerability exists in GE MU320E firmware prior to version 04A00.1. An attacker could exploit this vulnerability to take control of the Merge Unit...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-Coded Credentails / Shell Access

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-coded Credentials Shell Access Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...

KZTech / JatonTec / Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page:...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-coded Credentials Shell Access

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...