3030 matches found
AT&T U-verse Arris Modems NVG589 / NVG599 / 5268AC Multiple Vulnerabilities (SharknATTo)
The remote Arris device's self-reported model is NVG589, NVG599 or 5268AC. It is, therefore, affected by multiple vulnerabilities, including a firewall bypass, multiple instances of hardcoded credentials, privilege escalation, and remote code execution. Note: Nessus has not checked the firmware...
Bugs in Arris Modems Distributed by AT&T Vulnerable to Trivial Attacks
Trivially exploitable vulnerabilities have been discovered in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service. It’s unknown yet whether the firmware vulnerabilities were introduced by the OEM or the ISP since AT&T seems ...
Hardcoded credentials
In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read in tsk/img/img_io.c in libtskimg.a...
Orange Aliyun OSS credentials suffer from an information leakage vulnerability
Orange APP is an erotic community app. AliCloud Object Storage Service, or OSS for short, is a massive, secure and highly reliable cloud storage service provided by AliCloud to the public. There is an information leakage vulnerability in the Orange Aliyun OSS credentials. Th...
Philips' DoseWise Portal Hardcoding Vulnerability
Philips' DoseWise Portal is a web-based reporting and tracking tool for radiation exposure. A hard-coded vulnerability exists in Philips' DoseWise Portal. An attacker exploiting this vulnerability would first require elevated privileges in order for the attacker to access web application back-end...
Hardcoded credentials
DISPUTED: An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same...
Hardcoded credentials
MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service...
Two Popular IP Cameras Riddled With Vulnerabilities
Two consumer-grade IP-enabled security cameras manufactured by Loftek and VStarcam are riddled with nearly two dozen vulnerabilities that expose them to remote attacks. According to researchers, more than 1.3 million of the cameras are in use today, with 200,000 models located in the United...
CVE-2017-2280
WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...
CVE-2017-2283
WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...
Hardcoded credentials
WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...
Hardcoded credentials
WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...
CVE-2017-2280
The CVE-2017-2280 entry affects I-O DATA WN-AX1167GR devices with firmware 3.00 and earlier. The root cause is hardcoded credentials embedded in the firmware, which may allow an attacker who can access the device to execute arbitrary code on the device. Documented impact is that an authenticated ...
CVE-2017-2283
CVE-2017-2283 affects I-O DATA WN-G300R3 (and WN-G300R31) wireless routers. Firmware 1.0.2 and earlier contains hard-coded credentials (CWE-798), which may allow an attacker with network access to the device to execute arbitrary code. Affected devices and impact are documented in multiple sources...
Legislation Proposed to Secure Connected IoT Devices
A Senate bill introduced today would prioritize security in connected devices, requiring providers who sell to the U.S. government to implement measures that would have been an impediment to the IoT botnet-fueled attacks against DNS provider Dyn and webhost OVH. The Internet of Things Cybersecuri...
Hardcoded credentials
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user...