104 matches found
CVE-2019-19145
Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords...
VulnCheck KEV: CVE-2025-34509
Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...
PT-2025-25745
Name of the Vulnerable Software and Affected Versions Sitecore Experience Manager XM and Experience Platform XP versions 10.1 through 10.1.4 rev. 011974 PRE Sitecore Experience Manager XM and Experience Platform XP versions 10.2 Sitecore Experience Manager XM and Experience Platform XP versions...
CVE-2013-0142
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors...
CVE-2012-4712
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors...
CVE-2013-3958
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request...
CVE-2013-2579
TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session...
ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE)
Exploit Title: ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution RCE Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023, SC Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM Firmware = 1.14.51 probably others Tested on: Linux...
Bosch Nexo cordless nutrunner security breach
Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows remote attackers to authenticate to the SSH service with root privileges via a hidden...
VulnCheck KEV: CVE-2022-35413
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...
ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023 Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM...
ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root Vulnerability
ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account...
CVE-2022-35413
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...
CVE-2022-35413
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...
PT-2022-22814 · Wapples · Wapples
Name of the Vulnerable Software and Affected Versions: WAPPLES versions through 6.0 Description: A threat actor could use a hardcoded systemi account to access the system configuration and confidential information, such as SSL keys, via an HTTPS request to the "/webapi/" URI on port 443 or 5001...
PT-2022-3814 · Atlassian · Questions For Confluence +1
Name of the Vulnerable Software and Affected Versions: Atlassian Questions For Confluence app versions 2.7.34 through 3.0.2 Description: The Atlassian Questions For Confluence app creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded...
TODO: Hardcode claim.account = address(this)?
Lines of code Vulnerability details Impact Why you still has a TODO in the final code? TODO: Hardcode claim.account = addressthis? It is not implemented yet. claim.account may be any value, which may break the claiming process or let user steal fund that intended to be used in MyStrategy to their...
PT-2021-23601 · Xorux · Lpar2Rrd +1
Name of the Vulnerable Software and Affected Versions: LPAR2RRD and STOR2RRD versions prior to 7.30 Description: The issue concerns a hardcoded system account named lpar2rrd in XoruX LPAR2RRD and STOR2RRD. Recommendations: For versions prior to 7.30, update to version 7.30 or later to resolve the...
CVE-2019-20025
Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privileg...
CVE-2013-3542
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WPHD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!/" with the same password, which makes it easier for remote attackers to obtain access vi...