
3023 matches found

OSV
added 2024/04/17 8:15 p.m. | 2 views

CVE-2024-21990

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials...

9.8 CVSS | 5.8 AI score | 0.00203 EPSS
Exploits 0 | References 1
Positive Technologies
added 2024/04/17 12:0 a.m. | 2 views

PT-2024-3482 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: The issue is related to the use of hardcoded credentials in the software. An attacker could exploit this to gain unauthorized access to protected information. T...

3.8 CVSS | 7.4 AI score | 0.00079 EPSS
Exploits 0 | References 9
CNNVD
added 2024/04/17 12:0 a.m. | 2 views

NetApp ONTAP Select Deploy administration utility trust management issue vulnerability

NetApp ONTAP Select Deploy administration utility is an administration utility for deploying and managing ONTAP Select clusters from Network Appliance NetApp, Inc. A security vulnerability exists in NetApp ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x, 9.14.1.x, which...

9.8 CVSS | 6.6 AI score | 0.00203 EPSS
Exploits 0 | References 2
Positive Technologies
added 2024/04/17 12:0 a.m. | 2 views

PT-2024-4306 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: The issue is related to the use of hardcoded credentials in the Brocade SANnav software. This allows a remote attacker to perform a man-in-the-middle MITM attac...

7.7 CVSS | 7.2 AI score | 0.00124 EPSS
Exploits 0 | References 11
Positive Technologies
added 2024/04/08 12:0 a.m. | 3 views

PT-2024-5340 · Adtran · Adtran Srg 834-5

Name of the Vulnerable Software and Affected Versions: AdTran SRG 834-5 devices with SmartOS versions prior to 12.1.3.1 Description: The issue is related to the use of hardcoded credentials in the SSH service of the affected devices. This allows a remote attacker to execute arbitrary operating...

9 CVSS | 10 AI score | 0.00145 EPSS
Exploits 0 | References 9
Positive Technologies
added 2024/04/03 12:0 a.m. | 3 views

PT-2024-2666

Name of the Vulnerable Software and Affected Versions D-Link DNS-320L affected versions not specified D-Link DNS-325 affected versions not specified D-Link DNS-327L affected versions not specified D-Link DNS-340L affected versions not specified Description A critical issue exists in the HTTP GET...

9.8 CVSS | 7.6 AI score | 0.94425 EPSS
Exploits 8 | References 109
Cvelist
added 2024/03/26 12:0 a.m. | 12 views

CVE-2023-50894

In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information...

6.7 AI score | 0.00375 EPSS
Exploits 0 | References 2
0day.today
added 2024/03/14 12:0 a.m. | 363 views

Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution Exploit

Exploit Title: Viessmann Vitogate 300 = 2.1.3.0 - Remote Code Execution RCE - Shodan Dork: http.title:'Vitogate 300' - Exploit Author: ByteHunter - Email: email protected - Version: versions up to 2.1.3.0 - Tested on: 2.1.1.0 - CVE : CVE-2023-5702 & CVE-2023-5222 import argparse import requests...

9.8 CVSS | 7.9 AI score | 0.90561 EPSS
Exploits 4
Exploit DB
added 2024/03/14 12:0 a.m. | 428 views

Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)

Exploit Title: Viessmann Vitogate 300 = 2.1.3.0 - Remote Code Execution RCE - Shodan Dork: http.title:'Vitogate 300' - Exploit Author: ByteHunter - Email: [email protected] - Version: versions up to 2.1.3.0 - Tested on: 2.1.1.0 - CVE : CVE-2023-5702 & CVE-2023-5222 import argparse import...

9.8 CVSS | 6.9 AI score | 0.90561 EPSS
Exploits 4
Packet Storm
added 2024/03/14 12:0 a.m. | 339 views

Viessmann Vitogate 300 2.1.3.0 Remote Code Execution

Exploit Title: Viessmann Vitogate 300 = 2.1.3.0 - Remote Code Execution RCE - Shodan Dork: http.title:'Vitogate 300' - Exploit Author: ByteHunter - Email: [email protected] - Version: versions up to 2.1.3.0 - Tested on: 2.1.1.0 - CVE : CVE-2023-5702 & CVE-2023-5222 import argparse import...

9.8 CVSS | 9.8 AI score | 0.90561 EPSS
Exploits 4
Positive Technologies
added 2024/03/13 12:0 a.m. | 2 views

PT-2024-3980

Name of the Vulnerable Software and Affected Versions LenelS2 NetBox versions prior to and including 5.6.1 Description The issue is related to hardcoded credentials in the LenelS2 NetBox access control and event monitoring system. This allows an attacker to bypass authentication requirements. The...

9.8 CVSS | 5.4 AI score | 0.00081 EPSS
Exploits 0 | References 7
Prion
added 2024/03/05 6:15 a.m. | 22 views

Hardcoded credentials

Maintenance Server, in Cybellum's QCOW air-gapped distribution China Edition, versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the...

3.4 CVSS | 4.6 AI score | 0.00031 EPSS
Exploits 0 | References 1
Prion
added 2024/03/05 12:15 a.m. | 22 views

Hardcoded credentials

The Elink Smart eSmartCam com.cn.dq.ipc application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data e.g., over Wi-Fi...

6.8 AI score | 0.05027 EPSS
Exploits 0 | References 2
Prion
added 2024/03/04 11:15 a.m. | 19 views

Hardcoded credentials

Transient DOS while processing IE fragments from server during DTLS handshake...

5 CVSS | 7.5 AI score | 0.00143 EPSS
Exploits 0 | References 1
Prion
added 2024/02/27 2:15 p.m. | 20 views

Hardcoded credentials

A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key. The attack may be initiated remotely. The...

5.1 CVSS | 7.1 AI score | 0.0019 EPSS
Exploits 0 | References 3
0day.today
added 2024/02/27 12:0 a.m. | 301 views

Automatic Systems SOC FL9600 FastLine - Backdoor Account Vulnerability

Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure Vendor Homepage: http://automatic-systems.com Software Link: Version: V06 Tested on: V06, VersionSVN =...

7.5 CVSS | 7.1 AI score | 0.00088 EPSS
Exploits 4
Packet Storm
added 2024/02/27 12:0 a.m. | 247 views

Automatic-Systems SOC FL9600 FastLine Hardcoded Credentials

Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin Google Dork: Date: 12/9/2023 Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure Vendor Homepage: http://automatic-systems.com Software Link: Version: V06 Tested on:...

7.5 CVSS | 7.4 AI score | 0.00088 EPSS
Exploits 4
Prion
added 2024/02/23 11:15 p.m. | 20 views

Hardcoded credentials

Insecure AES key in Yealink Configuration Encrypt Tool below version 1.2. A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents...

7.2 AI score | 0.00205 EPSS
Exploits 1 | References 1
Prion
added 2024/02/23 5:15 p.m. | 13 views

Hardcoded credentials

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks...

2.1 CVSS | 7.4 AI score | 0.00033 EPSS
Exploits 0 | References 1
Prion
added 2024/02/21 11:15 p.m. | 19 views

Hardcoded credentials

Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...

5 CVSS | 7.5 AI score | 0.00294 EPSS
Exploits 0 | References 2