Hardcoded credentials

The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value...

Hardcoded credentials

GE Healthcare Discovery 530C has a password of bigguy1 for the 1 acqservice user and 2 wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires ...

Hardcoded credentials

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...

Hardcoded credentials

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by...

AirLink101 SkyIPCam1620W commands injection

Commands injection, hardcoded credentials...

CVE-2015-1011

Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors...

Hardcoded credentials

Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2015-1011

Hospira LifeCare PCA Infusion System (Version 5.0 and earlier) is affected by multiple vulnerabilities, notably hardcoded credentials and insecure data handling. Technical details from ICS-CERT/NVD describe improper authorization (CWE-285) that could allow unauthenticated users root access and in...

CVE-2015-1011

Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors...

Command Vulnerabilities Plague IP Enabled AirLive Cameras

A handful of IP-enabled cameras are susceptible to command injection vulnerabilities that could let attackers decode user credentials and gain complete access to the devices. At least five different types of AirLive cameras, manufactured by OvisLink Corp., an IP surveillance networking solutions...

Hardcoded credentials

The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted 1 SIM or 2 UIM card...

CVE-2015-5067

The 1 Cross-System Tools and 2 Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982...

CVE-2015-5067

The 1 Cross-System Tools and 2 Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982...

Hardcoded credentials

The 1 Cross-System Tools and 2 Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982...

CVE-2015-5067

The CVE-2015-5067 entry affects SAP NetWeaver, specifically the Cross-System Tools and Data Transfer Workbench components. The root cause is hardcoded credentials within these tools, enabling remote access via unspecified vectors. This is supported by multiple sources (NVD/CNVD/PRION/CVE lists) r...

CVE-2015-5067

The 1 Cross-System Tools and 2 Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982...

Hardcoded credentials

CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server BOSS DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access...

Hardcoded credentials

Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service test disruption by leveraging knowledge of this password...

Hardcoded credentials

N-Tron 702-W Industrial Wireless Access Point devices use the same 1 SSH and 2 HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key...

Hardcoded credentials

The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to 1 obtain sensitive information by sniffing the network and 2 obtain access to the device by encrypting messages...