SSL / TLS Certificate Known Hard Coded Private Keys

The remote host is running a service that is using a publicly known SSL / TLS private key. An attacker may use this key to decrypt intercepted traffic between users and the device. A remote attacker can also perform a man-in-the-middle attack in order to gain access to the system or modify data i...

Battelle V2I Hub Hardcoded Credentials Vulnerability

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A hard-coded credentials vulnerability exists in Battelle V2I Hub...

CVE-2018-1000625

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system...

CVE-2018-1000625

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system...

Guardzilla Home Cameras Open to Anyone Wanting to Watch Their Footage

Another day, another internet of things IoT issue: A design flaw in the Guardzilla home video surveillance system has been discovered that allows users to watch other homeowners’ Guardzilla videos. The Guardzilla All-In-One Video Security System is a home security platform that provides indoor...

CVE-2018-1000625

The CVE-2018-1000625 vulnerability affects Battelle V2I Hub 2.5.1 and is caused by hard-coded credentials for the administrative account, allowing an attacker to log in as an admin and gain unauthorized access to the system. The connected CNVD/NVD entries corroborate the description. No concrete ...

CVE-2018-1000625

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system...

EVLink Parking Privilege Vulnerability

Schneider Electric EVLink Parking is a commercial electric vehicle charging solution from Schneider Electric, France. A security vulnerability exists in Schneider Electric EVLink Parking 3.2.0-12v1 and prior versions, which stems from the program's use of hard-coded credentials. An attacker could...

Critical Bug Patched in Schneider Electric Vehicle Charging Station

Schneider Electric is warning about a critical vulnerability in its EVLink Parking devices – a line of electric vehicle charging stations. The energy management and automation giant said the vulnerability is tied to a hard-coded credential bug that exists within the device that could enable...

CVE-2018-7800

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12v1 and earlier, which could enable an attacker to gain access to the device...

CVE-2018-7800

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12v1 and earlier, which could enable an attacker to gain access to the device...

CVE-2018-7800

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12v1 and earlier, which could enable an attacker to gain access to the device...

CVE-2018-7800

EVLink Parking (Schneider Electric) versions 3.2.0-12_v1 and earlier are affected by CVE-2018-7800 due to hard-coded credentials, enabling potential unauthenticated access to the device. The root cause is hard-coded credentials; impact includes gaining access to the device and full control of the...

CVE-2018-15720

Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API...

CVE-2018-15720

Affected product: Logitech Harmony Hub. Vulnerability: hard-coded XMPP accounts in the hub’s XMPP server allow remote, unauthenticated access to the local API. Root cause: exposed credentials baked into the firmware prior to 4.15.206. Impact: potential remote control of the hub APIs; effect on co...

CVE-2018-19233

COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file...

Security Bulletin: IBM Security Guardium is affected by a Use of Hard-coded Credentials vulnerability

Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1818 DESCRIPTION: IBM Security Guardium contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication...

Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2018-16197 Hidden functionality CWE-912 - CVE-2018-16198 Cross-site scripting CWE-79 - CVE-2018-16199 OS command injection CWE-78 -...

JVN#99810718: Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2018-16197 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVSS v2|...

BSA-2018-841

Security Advisory ID : BSA-2018-841 Component : Hard-coded Credentials Revision : 3.0: Final A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented...