NUUO CMS Elevation of Privilege Vulnerability

NUUO CMS is a set of centralized software management platform from NUUO. The platform is used to centrally manage devices such as NVRs hard disk recorders and IP cameras, and provides functions such as user management and alarm management. A security vulnerability exists in NUUO CMS 3.1 and earli...

FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Hard-coded Credentials Shell Access

Summary Thermal Imaging Camera For Continuous Condition and Safety Monitoring FLIR AX8 is a thermal sensor with imaging capabilities. Combining thermal and visual cameras in a small, affordable package, the AX8 provides continuous temperature monitoring and alarming capabilities to protec critica...

CVE-2018-17894

NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access...

CVE-2018-17896

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only...

Hardcoded credentials

NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access...

CVE-2018-17894

NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access...

CVE-2018-17896

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only...

CVE-2018-17894

NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access...

CVE-2018-17896

CVE-2018-17896 affects Yokogawa STARDOM controllers FCJ, FCN-100, FCN-RTU, FCN-500 (versions R4.10 and earlier). The vulnerability stems from hard-coded credentials that could allow an attacker to gain unauthorized maintenance access and view/modify information, with exploitation possible during ...

CVE-2018-17894

NUUO CMS (all versions 3.1 and prior) contains a vulnerability where default accounts are created with hard-coded passwords, enabling elevated privileges for an attacker. The issue is documented under CVE-2018-17894 and is corroborated by multiple sources (NVD, CNVD, CVE lists) and ICS advisories...

CVE-2018-17896

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only...

NUUO CMS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NUUO Equipment: CMS Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Credentials 2. RISK...

IBM Security Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2018-20668)

IBM Security Key Lifecycle Manager formerly known as Tivoli Key Lifecycle Manager is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. An information disclosure vulnerabili...

CVE-2018-5399

The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...

CVE-2018-1742

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421...

CVE-2018-1742

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421...

CVE-2018-5399

CVE-2018-5399 affects Auto-Maskin DCU-210E RP-210E firmware (ARMv7) versions prior to 3.7. The firmware contains an undocumented Dropbear SSH server (v2015.55) listening on port 22 with hard-coded credentials (root / amroot) and password-only authentication, while an RSA host-key is present. This...

CVE-2018-1742

CVE-2018-1742 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager). The vulnerability arises from hard-coded credentials (passwords or cryptographic keys) embedded in the software, used for inbound authentication, outbound communication, or data encryption. Affected ...

CVE-2018-5399 The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running and is configured with a hard-coded credentials

The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...

CVE-2018-1742

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421...