Multiple vulnerabilities in multiple I-O DATA network camera products

Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Permissions, Privileges, and Access Controls CWE-264 - CVE-2018-0661 Insufficient Verification of Data Authenticity CWE-345 - CVE-2018-0662 Use of Hard-coded Credentials...

JVN#83701666: Multiple vulnerabilities in multiple I-O DATA network camera products

Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Permissions, Privileges, and Access Controls CWE-264 - CVE-2018-0661 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVSS v2|...

CVE-2018-10592

Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could...

CVE-2018-10592

Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could...

CVE-2018-10592

Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could...

CVE-2018-10592

CVE-2018-10592 affects Yokogawa STARDOM controllers: FCJ (R4.02 and prior), FCN-100 (R4.02 and prior), FCN-RTU (R4.02 and prior), and FCN-500 (R4.02 and prior); updates show affected families also include R4.10 and prior. Root cause is use of hard-coded credentials that could allow an attacker to...

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

Hardcoded credentials

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

Integrated Management Module 2 (IMM2) First Failure Data Capture (FFDC) Information Disclosure - Lenovo Support US

No description provided...

Important: Red Hat Security Advisory: openstack-tripleo-heat-templates security update

An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 13.0 Queens for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

CVE-2016-9495

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port 23 can be obtained through using one of a few default credentials shared among all devices...

CVE-2016-9495 Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port 23 can be obtained through using one of a few default credentials shared among all devices...

CVE-2016-9495

CVE-2016-9495 affects Hughes broadband satellite modems (HN7740S, DW7000, HN7000S/SM). The root issue is use of hard-coded/default credentials allowing access to port 23 via telnet; OpenVAS notes multiple vulnerabilities in these devices. Affected firmware before 6.9.0.34 is vulnerable; 6.9.0.34+...

Juniper Contrail Service Orchestration Hard-Coded Credentials Vulnerability (CNVD-2019-19205)

Juniper Contrail Service Orchestration CSO is a Juniper Networks suite of products for designing and deploying network services in a centralized cloud CPE deployment model. A hard-coded credentials vulnerability exists in Juniper CSO versions prior to 4.0.0. The vulnerability stems from the fact...

Juniper Networks CSO Information Disclosure Vulnerability

Juniper Contrail Service Orchestration CSO is a Juniper Networks suite of products for designing and deploying network services in a centralized cloud CPE deployment model. An information disclosure vulnerability exists in Juniper CSO versions prior to 3.3.0 that stems from the program's use of...

Juniper Contrail Service Orchestration Unauthorized Access Vulnerability

Juniper Contrail Service Orchestration CSO is a Juniper Networks suite of products for designing and deploying network services in a centralized cloud CPE deployment model. An unauthorized access vulnerability exists in Juniper CSO versions prior to 4.0.0, which stems from the program's use of...