CVE-2019-10688

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector BToE application 3.9.1, use hard-coded credentials to establish connections between the host application and the device...

CVE-2019-10688

Summary: CVE-2019-10688 affects VVX (Polycom) devices running UCS 5.9.2 or earlier with Better Together over Ethernet Connector (BToE) 3.9.1. A hard-coded credential vulnerability enables connections between the host application and the device, enabling potential unauthorized access. The CVSS met...

WAGO 750-88x Series and WAGO 750-87x Series Trust Management Issue Vulnerability

The WAGO 750-88x Series and WAGO 750-87x Series are both products of WAGO, Germany.The WAGO 750-88x Series is a 750-88x series programmable logic controller.The WAGO 750-87x Series is a 750-87x series programmable logic controller. A trust management issue vulnerability exists in the WAGO Series...

Avast Anti-Virus Trust Management Vulnerability

Avast Anti-Virus is a tool for cleaning Avast antivirus programs. A trust management vulnerability exists in Avast Anti-Virus versions prior to 19.1.2360 that stems from the lack of an effective trust management mechanism in a networked system or product. An attacker can exploit default passwords...

WAGO Series 750-88x and 750-87x

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WAGO Equipment: Series 750-88x and 750-87x Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION This vulnerability allows a remote attacker to change the settings or alter the...

F5 BIG-IP Trust Management Issues Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP is vulnerable to a trust management issue. An attacker can exploit this vulnerability to attack affected components...

Ubiquiti Networks EdgeSwitch X Access Control Error Vulnerability

The Ubiquiti Networks EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks, Inc. A trust management issue vulnerability exists in Ubiquiti Networks EdgeSwitch X v1.1.0 and prior versions. The vulnerability stems from the lack of an effective trust management mechanism in the netwo...

CVE-2019-9975

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key...

CVE-2019-9975

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key...

Siemens SIMATIC Panels and WinCC (TIA Portal)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC Runtime Advanced, WinCC Runtime Professional, WinCC TIA Portal; HMI Panels Vulnerabilities: Use of Hard-coded Credentials, Insufficient Protection of Credentials,...

MyCar Controls uses hard-coded credentials

Overview The MyCar Controls mobile applications prior to v3.4.24 on iOS and prior to v4.1.2 on Android contains hard-coded admin credentials. Description MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar add smartphone-controlled geolocation, remote start/stop...

CVE-2019-10479

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface...

CVE-2019-10479

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface...

CVE-2019-10479

The CVE-2019-10479 entry concerns Glory RBW-100 devices running ISP-K05-02 7.0.0 firmware, where a hard-coded username and password allow a remote attacker to gain admin access to the Front Circle Controller web interface. The vulnerability enables full administrative privileges (impact: high/cri...

CVE-2019-10479

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface...

NC450 1.5.0 Build 181022 Rel.3A033D Hardcoded Credentials

Summary: The NC450 is your favorable companion that meets to home and office surveillance needs, keeping you in touch with what matters most. With its smooth and durable Pan/Tilt of up to 300/110 degrees, you can turn the camera to almost any position you want and watch over a wider area of your...

Grandstream GXV3611IR_HD Trust Management Issues Vulnerability

The Grandstream GXV3611IRHD is a webcam from Grandstream. A security vulnerability exists in Grandstream GXV3611IRHD versions prior to 1.0.3.23. An attacker can exploit the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components...

Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability (cisco-sa-20180801-pcp-dos

According to its self-reported version number, the remote Cisco Prime Collaboration Provisioning server is prior to 12.3. It is, therefore, affected by unauthorized password change denial of service vulnerability which could allow the attacker to cause the affected device to become inoperable,...

DASAN H660RM Information Disclosure / Hardcoded Key Vulnerability

DASAN H660RM allows for unauthenticated ping access, has a hardcoded key for encryption, and logs sensitive information into /tmp. DASAN H660RM Information Disclosure / Hardcoded Key CVE-2019-9974: diagtool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without...

Hardcoded credentials

Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password...