
8069 matches found

ICS
added 2021/03/16 6:00 a.m., 259 views

GE UR Family (Update A)

1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: GE. Equipment: UR Family. Vulnerabilities: Inadequate Encryption Strength, Session Fixation, Exposure of Sensitive Information to an Unauthorized Actor, Improper Input Validation, Unrestricted Upload...

CVSS 9.8, AI score 6.9, EPSS 0.01163
Exploits: 0, References: 11

OSV
added 2021/03/15 10:15 p.m., 3 views

CVE-2020-27278

In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface...

CVSS 5.2, AI score 5.8, EPSS 0.00272
Exploits: 0, References: 1

CVE
added 2021/03/15 9:21 p.m., 78 views

CVE-2020-27278

The CVE-2020-27278 issue affects Hamilton Medical AG’s T1-Ventilator (versions 2.2.3 and earlier). The vulnerability arises from hard-coded credentials in the device’s configuration interface, enabling attackers with physical access to obtain admin privileges. Public sources also document related...

CVSS 5.2, AI score 5, EPSS 0.00272
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/03/15 9:21 p.m., 26 views

CVE-2020-27278

In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface...

AI score 5, EPSS 0.00272
Exploits: 0, References: 1

CNVD
added 2021/03/10 12:00 a.m., 7 views

IBM Security Verify Bridge Trust Management Issues Vulnerability

IBM Security Verify Bridge is an application component from International Business Machines (IBM) that provides IBM Cloud access to user attributes and authentication that are controlled by the client's local LDAP or Active Directory. A security vulnerability exists in IBM Security Verify Brid...

CVSS 7.5, AI score 6.7, EPSS 0.00952
Exploits: 0, References: 1

IBM Security Bulletins
added 2021/03/09 6:38 p.m., 15 views

Security Bulletin: IBM Verify Gateway does not hide a cryptographic key in one of its binary files (CVE-2020-4385)

Summary: In one of the binary files distributed with the IBM Verify Gateway (IVG) components, it's possible to locate a hard-coded cryptographic key that's passed as an argument to an encryption function. As of v1.0.1 of IVG for RADIUS and IVG for AIX PAM, and v1.0.2 of IVG for Linux PAM and IVG for...

CVSS 9.8, AI score 0.7, EPSS 0.01248
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2021/03/09 6:36 p.m., 23 views

Security Bulletin: IBM Security Verify Bridge uses a hard-coded key to encrypt the client secret (CVE-2021-20442)

Summary: The obfuscation logic in IBM Security Verify Bridge (ISVB) relies on a hard-coded key to encrypt the client secret string. This means all ISVB users have the same encryption key. As of v1.0.5, ISVB has re-implemented its obfuscation logic so that each user gets assigned a unique key...

CVSS 7.5, AI score 0.6, EPSS 0.00952
Exploits: 0, Affected Software: 1

CNVD
added 2021/03/09 12:00 a.m., 9 views

FiberHome HG6245D devices trust management issue vulnerability (CNVD-2021-18374)

The FiberHome HG6245D is a router from FiberHome, China, that provides network connectivity. A trust management issue vulnerability exists in FiberHome HG6245D devices, which can be exploited by an attacker to attack vulnerable components using default passwords or hard-coded passwords,...

CVSS 9.8, AI score 6.8, EPSS 0.19844
Exploits: 1, References: 1

Prion
added 2021/03/05 8:15 p.m., 28 views

Authentication flaw

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the applysave.cgi endpoint. This issue results from the use of hard-coded...

CVSS 8.3, AI score 9, EPSS 0.00487
Exploits: 0, References: 2, Affected Software: 43

Cvelist
added 2021/03/05 8:00 p.m., 22 views

CVE-2021-27254

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the applysave.cgi endpoint. This issue results from the use of hard-coded...

CVSS 6.3, AI score 9.2, EPSS 0.00487
Exploits: 0, References: 2

NVD
added 2021/03/03 5:15 p.m., 11 views

CVE-2021-20442

IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618...

CVSS 7.5, EPSS 0.00952
Exploits: 0, References: 2

Prion
added 2021/03/03 5:15 p.m., 15 views

Hardcoded credentials

IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618...

CVSS 5, AI score 7.3, EPSS 0.00952
Exploits: 0, References: 2

CVE
added 2021/03/03 5:00 p.m., 44 views

CVE-2021-20442

CVE-2021-20442 affects IBM Security Verify Bridge (ISVB). The issue is hard-coded credentials, including a hard-coded key used to encrypt the client secret, meaning all ISVB deployments prior to the fix rely on a shared credential. IBM notes that as of v1.0.5 ISVB re-implements its obfuscation so...

CVSS 7.5, AI score 7.4, EPSS 0.00952
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/03/03 5:00 p.m., 12 views

CVE-2021-20442

IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618...

CVSS 5.9, AI score 7.4, EPSS 0.00952
Exploits: 0, References: 2

Gitee
added 2021/03/03 1:35 p.m., 6 views

vxhunter

This is an offensive tool for embedded device analysis. It is a toolset for VxWorks based embedded device analyses, specifically designed for analyzing VxWorks firmware. The toolset includes plugins written in Python for analyzing firmware loading address, fixing function names with symbol tables...

AI score 7
Exploits: 0

CNNVD
added 2021/03/02 12:00 a.m., 5 views

IBM Security Verify Bridge Trust Management Issue Vulnerability

IBM Security Verify Bridge is an application component from International Business Machines (IBM) that provides IBM Cloud access to user attributes and authentication that are controlled by the client's local LDAP or Active Directory. A security vulnerability exists in IBM Security Verify Brid...

CVSS 7.5, AI score 5.5, EPSS 0.00952
Exploits: 0, References: 4

ICS
added 2021/03/02 12:00 a.m., 127 views

MB connect line mbCONNECT24, mymbCONNECT24

1. EXECUTIVE SUMMARY: CVSS v3 7.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: MB connect line. Equipment: mymbCONNECT24, mbCONNECT24. Vulnerabilities: Improper Privilege Management, Server-side Request Forgery (SSRF), Cross-site Scripting, Uncontrolled Resource Consumption, Open...

CVSS 9.8, AI score 8.6, EPSS 0.01479
Exploits: 0, References: 5

CNVD
added 2021/03/01 12:00 a.m., 7 views

Advantech BB-ESWGP506-2SFP-T Hardcoded Vulnerability

The Advantech BB-ESWGP506-2SFP-T is an application from CHAAdvantech that provides an intelligent electric bus management system. A hard-coded vulnerability in the Advantech BB-ESWGP506-2SFP-T allows remote attackers to exploit the vulnerability to submit a special request, gain unauthorized acce...

CVSS 10, AI score 7.1, EPSS 0.03612
Exploits: 0, References: 1

CNVD
added 2021/02/26 12:00 a.m., 4 views

Helpcom Trust Management Issues Vulnerabilities

Helpcom is an application from the Korean company Helpcom. It provides remote control services. A security vulnerability exists in versions prior to Helpcom v10.0 that stems from storing hard-coded encryption keys. No vulnerability details are provided at this time...

CVSS 8.8, AI score 6.9, EPSS 0.01027
Exploits: 0, References: 1

OSV
added 2021/02/24 5:15 p.m., 9 views

CVE-2021-22667

BB-ESWGP506-2SFP-T versions 1.01.09 and prior are vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T versions 1.01.01 and prior...

CVSS 9.8, AI score 7.6, EPSS 0.03612
Exploits: 0, References: 2