PT-2024-28388 · Unknown · Luci-App-Lucky

Name of the Vulnerable Software and Affected Versions: luci-app-lucky version 2.8.3 Description: The issue is related to hardcoded credentials in the software. Recommendations: For luci-app-lucky version 2.8.3, update to a version where the hardcoded credentials issue is resolved, if available. A...

CVE-2024-39208

CVE-2024-39208 affects luci-app-lucky v2.8.3 and stems from hardcoded credentials in the software. Public sources (NVD, Red Hat, CNNVD, CVE listing) assign a high impact with CVSS v3.1 base score 9.8 (Network attack, no user interaction, privileges NONE, scope UNCHANGED; Confidentiality/Integrity...

CVE-2024-39208

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...

CVE-2024-39208

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...

Faronics WINSelect Hardcoded Credentials / Bad Permissions / Unhashed Password

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities allowing complete bypass product: Faronics WINSelect Standard + Enterprise vulnerable version: 8.30.xx.903 fixed version: 8.30.xx.903 CVE number:...

CVE-2024-36496 Hardcoded Credentials

The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm no salt and uses the first five bytes as the key for RC...

CVE-2024-36496 Hardcoded Credentials

The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm no salt and uses the first five bytes as the key for RC...

(Pwn2Own) Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command...

PT-2024-20201 · Autel · Autel Maxicharger Ac Elite Business C50

Name of the Vulnerable Software and Affected Versions: Autel MaxiCharger AC Elite Business C50 affected versions not specified Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations...

PaperCut NG VendorKeys Hardcoded Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a VendorKeys object. The issue results from the use of hard-coded...

CVE-2024-34539

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions...

CVE-2024-27164

Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL...

CVE-2024-27164

CVE-2024-27164 affects Toshiba printers (including MFP/e-STUDIO) with hardcoded credentials. The NVD entry notes a CVSSv3.1 base score of 7.1 (LOCAL, HIGH). Connected sources indicate multiple Toshiba printer advisories and vulnerability lists, but do not provide vendor-specific exploit details i...

CVE-2024-27164 Hardcoded credentials

Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL...

CVE-2024-27164 Hardcoded credentials

Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL...

CVE-2024-34539

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions...

PT-2024-21697 · Toshiba · Toshiba Printers

Name of the Vulnerable Software and Affected Versions: Toshiba printers affected versions not specified Description: The issue concerns hardcoded credentials in Toshiba printers. There is no information provided about the estimated number of potentially affected devices worldwide or details about...

PT-2024-25958 · Terramaster · Terramaster Tos

Name of the Vulnerable Software and Affected Versions: TerraMaster TOS firmware versions through 5.1 Description: The issue concerns hardcoded credentials in the firmware, allowing a remote attacker to login to the mail or webmail server. These credentials can also be used to access the...

CVE-2024-34539

CVE-2024-34539 describes hardcoded credentials in TerraMaster TOS firmware up to v5.1, enabling remote login to the mail/webmail server and to the administration panel, with privilege actions possible. Remediation noted in connected sources: upgrade to firmware that removes hardcoded credentials ...

The vulnerability of the software recovery and backup console of Veeam Recovery Orchestrator allows a perpetrator to escalate their privileges.

The vulnerability of the software recovery and backup console of Veeam Recovery Orchestrator lies in the use of rigidly encoded credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain increased privileges...