Lucene search

8064 matches found

CNVD
added 2015/08/25 12:0 a.m. | 3 views

Actiontec GT784WN Modem Privilege Gain Vulnerability

The Actiontec GT784WN is a DSL (Digital Subscriber Line) modem router from Actiontec USA. A security vulnerability exists in Actiontec GT784WN modems using firmware versions prior to NCS01-1.0.13, which stems from the program's use of hard-coded certificates. A remote attacker could exploit the...

8.3 CVSS | 7.1 AI score | 0.00892 EPSS
Exploits: 0 | References: 1
CNVD
added 2015/08/25 12:0 a.m. | 3 views

Mobile Devices C4 OBD2 Dongle Privilege Access Vulnerability (CNVD-2015-05628)

The Mobile Devices aka MDI C4 OBD2 Dongle is a programmable OBD2 solution from the French company Mobile Devices. A security vulnerability exists in the Mobile Devices C4 OBD2 Dongle that stems from the program's use of hard-coded SSH certificates. The vulnerability can be exploited by a remote...

9 CVSS | 7.1 AI score | 0.02563 EPSS
Exploits: 0 | References: 1
CERT
added 2015/08/25 12:0 a.m. | 98 views

DSL routers contain hard-coded "XXXXairocon" credentials

Overview: DSL routers by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone (PLDT), and ZTE contain hard-coded "XXXXairocon" credentials. Description: CWE-798: Use of Hard-coded Credentials. DSL routers, including the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine...

9.3 CVSS | 6.5 AI score | 0.08521 EPSS
Exploits: 6 | References: 5
CNVD
added 2015/08/22 12:0 a.m. | 3 views

KAKO HMI Hardcoded Password Security Bypass Vulnerability

KAKO HMI is a Scada HMI. The KAKO HMI has a built-in hard-coded password that allows a remote attacker to exploit a vulnerability to bypass authentication mechanisms and gain access to affected devices...

7.4 AI score
Exploits: 0 | References: 1
CNVD
added 2015/08/20 12:0 a.m. | 2 views

Xceedium Xsuite Hardcoded Credentials Vulnerability

Xceedium Xsuite is a unified identity management solution from Xceedium that provides access control, monitoring and logging capabilities for hybrid cloud environments. The solution supports access control policies based on roles or individual users. Xceedium Xsuite suffers from a hard-coded...

9.8 CVSS | 6.9 AI score | 0.11118 EPSS
Exploits: 4 | References: 1
ThreatPost
added 2015/08/17 3:11 p.m. | 17 views

Schneider Electric Modicon M340 PLC Station P34 Module HMI Vulnerabilities

Update: Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON. The Industrial Control System Cyber Emergency Response Team (ICS-CERT) released an alert late last week and patches are currently being validated according to ICS-CE...

0.2 AI score
Exploits: 0 | References: 3
CERT
added 2015/08/11 12:0 a.m. | 64 views

Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities

Overview: Actiontec GT784WN Wireless N DSL Modem, versions NCS01-1.0.12 and earlier, contains multiple vulnerabilities. Description: CWE-259: Use of Hard-coded Password - CVE-2015-2904. Actiontec GT784WN Wireless N DSL Modem contains multiple hard-coded credentials that enable a user to log into the...

8.3 CVSS | 7.7 AI score | 0.00892 EPSS
Exploits: 0 | References: 3
CERT
added 2015/08/11 12:0 a.m. | 66 views

Mobile Devices C4 ODB2 dongle contains multiple vulnerabilities

Overview Mobile Devices C4 OBD2 dongle, and potentially other rebranded devices, contains multiple vulnerabilities Description The Mobile Devices C4 OBD2 dongle is the base model for several rebranded consumer devices, such as the Metromile pay-by-mile insurance dongle. These devices are plugged...

9 CVSS | 8.1 AI score | 0.02563 EPSS
Exploits: 0 | References: 4
CERT
added 2015/08/07 12:0 a.m. | 30 views

Sierra Wireless GX, ES, and LS gateways running ALEOS contain hard-coded credentials

Overview: Sierra Wireless GX, ES, and LS gateway devices running ALEOS versions 4.4.1 and earlier contain hard-coded credentials. Description: CWE-259: Use of Hard-coded Password - CVE-2015-2897. Sierra Wireless GX, ES, and LS gateways running ALEOS contain multiple hard-coded accounts with root...

10 CVSS | 7.2 AI score | 0.02257 EPSS
Exploits: 0 | References: 3
CVE
added 2015/08/04 10:0 a.m. | 47 views

CVE-2011-5324

CVE-2011-5324 affects GE Healthcare Centricity PACS-IW via the TeraRecon server. CNVD/NVD records indicate built-in accounts in PACS-IW with a shared password for the shared user and a password for the scan user (versions 3.7.3.7/3.7.3.8 mentioned). This design enables remote attackers to use the...

10 CVSS | 7 AI score | 0.01679 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
CERT
added 2015/07/20 12:0 a.m. | 19 views

N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password

Overview SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined. Description CWE-547: Use of Hard-coded, Security-relevant...

7.2 AI score
Exploits: 0
securityvulns
added 2015/07/14 12:0 a.m. | 58 views

[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection

Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-08 Vendors contacted: AirLink101...

9 CVSS | 9.3 AI score | 0.16987 EPSS
Exploits: 5
myhack58
added 2015/07/10 12:0 a.m. | 29 views

AirLive IP surveillance cameras have a command injection vulnerability affecting a large number of products - vulnerability warning - the black bar safety net

A large number of AirLive IP surveillance cameras have been found to contain a command injection vulnerability; an attacker can use this vulnerability to steal user login credentials and control the equipment. Vulnerability principle and scope of impact: OvisLink manufactured a large number of...

1.3 AI score
Exploits: 0
Packet Storm
added 2015/07/08 12:0 a.m. | 54 views

AirLink101 SkyIPCam1620W OS Command Injection

Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-08 Vendors contacted: AirLink101...

8.8 CVSS | 0.16987 EPSS
Exploits: 5
Core Security
added 2015/07/08 12:0 a.m. | 536 views

AirLink101 SkyIPCam1620W OS Command Injection

Advisory ID Internal CORE-2015-0011 1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: https://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-0...

9 CVSS | 9.3 AI score | 0.16987 EPSS
Exploits: 5
seebug.org
added 2015/07/08 12:0 a.m. | 32 views

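AirLive series IP camera command injection vulnerability

A large number of AirLive IP surveillance cameras have been found to contain a command injection vulnerability; attackers can exploit it to steal user login credentials and take control of the device. Vulnerability principle and scope of impact: a large number of AirLive IP surveillance cameras manufactured by OvisLink contain a command injection vulnerability through which a network attacker can decode user login credentials and take full control of the surveillance device. According to experts at Core Security, at least 5 different AirLive surveillance camera models are affected by this vulnerability. The 5 models are as follows: 1. AirLive BU-2015, firmware version 1.03.18 16.06.2014; 2. AirLive BU-3026, firmware version 1.43 21.08.2014; 3. AirLive...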

10 CVSS | 9.2 AI score | 0.53171 EPSS
Exploits: 6
exploitpack
added 2015/07/08 12:0 a.m. | 50 views

AirLink101 SkyIPCam1620W - OS Command Injection

AirLink101 SkyIPCam1620W - OS Command Injection 1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last updat...

9 CVSS | 0.16987 EPSS
Exploits: 5
0day.today
added 2015/07/08 12:0 a.m. | 60 views

AirLink101 SkyIPCam1620W OS Command Injection Vulnerability

Exploit for hardware platform in category web applications 1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of...

9 CVSS | 8.8 AI score | 0.16987 EPSS
Exploits: 5
ICS
added 2015/06/25 6:0 a.m. | 70 views

Janitza UMG Power Quality Measuring Products Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on September 22, 2015, and is being released to the NCCIC/ICS-CERT web site. Mattijs van Ommeren of Applied Risk has identified several vulnerabilities in the Janitza UMG power quality measuring products. Janitza ha...

10 CVSS | 7.2 AI score | 0.02858 EPSS
Exploits: 0 | References: 10
ICS
added 2015/06/18 6:0 a.m. | 40 views

GE MDS PulseNET Vulnerabilities

OVERVIEW: NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative (ZDI) concerning two vulnerabilities in GE’s MDS PulseNET and MDS PulseNET Enterprise Network Management Software. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi. GE has produced a new versio...

10 CVSS | 7.1 AI score | 0.03784 EPSS
Exploits: 0 | References: 10