Lucene search
+L

104 matches found

Vulnrichment
Vulnrichment
added 2025/08/01 12:0 a.m.5 views

CVE-2019-19145

Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords...

5.8CVSS7.2AI score0.00293EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/06/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-34509

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5CVSS5.8AI score0.39961EPSS
Exploits6References1
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.6 views

PT-2025-25745

Name of the Vulnerable Software and Affected Versions Sitecore Experience Manager XM and Experience Platform XP versions 10.1 through 10.1.4 rev. 011974 PRE Sitecore Experience Manager XM and Experience Platform XP versions 10.2 Sitecore Experience Manager XM and Experience Platform XP versions...

7.5CVSS10AI score0.39961EPSS
Exploits6References18
RedhatCVE
RedhatCVE
added 2025/05/22 11:11 a.m.17 views

CVE-2013-0142

QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors...

5CVSS7.2AI score0.01308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:50 a.m.10 views

CVE-2012-4712

Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors...

5CVSS7.1AI score0.01925EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:3 a.m.13 views

CVE-2013-3958

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request...

7.5CVSS6.9AI score0.01934EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:8 a.m.7 views

CVE-2013-2579

TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session...

10CVSS7.3AI score0.03901EPSS
Exploits6References1
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.290 views

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE)

Exploit Title: ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution RCE Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023, SC Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM Firmware = 1.14.51 probably others Tested on: Linux...

9.8CVSS9.4AI score0.17399EPSS
Exploits6
CNNVD
CNNVD
added 2024/01/10 12:0 a.m.5 views

Bosch Nexo cordless nutrunner security breach

Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows remote attackers to authenticate to the SSH service with root privileges via a hidden...

9.8CVSS6.9AI score0.00559EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.11 views

VulnCheck KEV: CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

9.8CVSS7.3AI score0.13518EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2023/02/27 12:0 a.m.370 views

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023 Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM...

0.17399EPSS
Exploits6
0day.today
0day.today
added 2023/02/27 12:0 a.m.473 views

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root Vulnerability

ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account...

9.8CVSS9.9AI score0.17399EPSS
Exploits6
NVD
NVD
added 2022/09/13 10:15 p.m.34 views

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

9.8CVSS0.13518EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/09/13 10:15 p.m.2 views

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

9.8CVSS7.3AI score0.13518EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.7 views

PT-2022-22814 · Wapples · Wapples

Name of the Vulnerable Software and Affected Versions: WAPPLES versions through 6.0 Description: A threat actor could use a hardcoded systemi account to access the system configuration and confidential information, such as SSL keys, via an HTTPS request to the "/webapi/" URI on port 443 or 5001...

9.8CVSS9.1AI score0.13518EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/07/20 12:0 a.m.5 views

PT-2022-3814 · Atlassian · Questions For Confluence +1

Name of the Vulnerable Software and Affected Versions: Atlassian Questions For Confluence app versions 2.7.34 through 3.0.2 Description: The Atlassian Questions For Confluence app creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded...

9.8CVSS9.8AI score0.9817EPSS
Exploits1References39
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.17 views

TODO: Hardcode claim.account = address(this)?

Lines of code Vulnerability details Impact Why you still has a TODO in the final code? TODO: Hardcode claim.account = addressthis? It is not implemented yet. claim.account may be any value, which may break the claiming process or let user steal fund that intended to be used in MyStrategy to their...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/11/08 12:0 a.m.6 views

PT-2021-23601 · Xorux · Lpar2Rrd +1

Name of the Vulnerable Software and Affected Versions: LPAR2RRD and STOR2RRD versions prior to 7.30 Description: The issue concerns a hardcoded system account named lpar2rrd in XoruX LPAR2RRD and STOR2RRD. Recommendations: For versions prior to 7.30, update to version 7.30 or later to resolve the...

9.8CVSS9.4AI score0.01508EPSS
Exploits0References6
OSV
OSV
added 2020/07/29 6:15 p.m.5 views

CVE-2019-20025

Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privileg...

9.8CVSS5.8AI score0.02925EPSS
Exploits0References1
NVD
NVD
added 2019/12/11 7:15 p.m.20 views

CVE-2013-3542

Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WPHD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!/" with the same password, which makes it easier for remote attackers to obtain access vi...

10CVSS9.3AI score0.02602EPSS
Exploits2References2
Rows per page
Query Builder