Lucene search

3041 matches found

Prion
added 2023/06/01 4:15 a.m. · 21 views

Hardcoded credentials

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

CVSS 7.5 · AI score 9.4 · EPSS 0.00599
Exploits: 1 · References: 1 · Affected Software: 72

Prion
added 2023/06/01 2:15 a.m. · 13 views

Hardcoded credentials

DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and...

CVSS 6.5 · AI score 8.6 · EPSS 0.00812
Exploits: 0 · References: 8 · Affected Software: 1

Positive Technologies
added 2023/06/01 12:0 a.m. · 2 views

PT-2023-14192 · Sprecher Automation · Sprecon-E Cpu

Name of the Vulnerable Software and Affected Versions: Sprecher Automation SPRECON-E CPU variants affected versions not specified Description: The issue concerns hardcoded credentials in multiple SPRECON-E CPU variants of Sprecher Automation, allowing a remote attacker to take over the device. To...

CVSS 9.8 · AI score 9.3 · EPSS 0.00851
Exploits: 1 · References: 4

Prion
added 2023/05/31 8:15 p.m. · 16 views

Buffer overflow

Multiple models of the Uniview IP Camera e.g., IPCG6103 B6103.16.10.B25.201218, IPCG61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPCHCMN offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using...

CVSS 7.5 · AI score 9.9 · EPSS 0.04225
Exploits: 1 · References: 2

Prion
added 2023/05/30 8:15 p.m. · 21 views

Hardcoded credentials

ROZCOM client CWE-798: Use of Hard-coded Credentials...

CVSS 4.3 · AI score 7.7 · EPSS 0.02327
Exploits: 0 · References: 1

Prion
added 2023/05/30 5:15 a.m. · 27 views

Hardcoded credentials

ToUI is a Python package for creating user interfaces websites and desktop apps from HTML. ToUI is using Flask-Caching SimpleCache to store user variables. Websites that use Website.uservars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...

CVSS 5 · AI score 7.5 · EPSS 0.00651
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2023/05/23 2:15 a.m. · 19 views

Hardcoded credentials

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker...

CVSS 3.3 · AI score 6.4 · EPSS 0.00279
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/05/22 7:15 a.m. · 7 views

CVE-2023-33236

MXsecurity version 1.0 is vulnerable to a hardcoded credential vulnerability. It has been reported that this vulnerability can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs...

CVSS 9.8 · AI score 6.9
Exploits: 0 · References: 1

Prion
added 2023/05/22 7:15 a.m. · 18 views

Hardcoded credentials

MXsecurity version 1.0 is vulnerable to a hardcoded credential vulnerability. It has been reported that this vulnerability can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs...

CVSS 7.5 · AI score 9.7 · EPSS 0.00973
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/05/22 6:40 a.m. · 83 views

CVE-2023-33236

CVE-2023-33236 affects Moxa MXsecurity Series software v1.0, where a vulnerability involving hard-coded credentials could be exploited to craft arbitrary JWT tokens and bypass authentication for web-based APIs. The issue enables remote exploitation with low attack complexity and no user interacti...

CVSS 9.8 · AI score 9.7 · EPSS 0.00973
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2023/05/18 4:15 p.m. · 19 views

Hardcoded credentials

A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been disclosed to t...

CVSS 5.8 · AI score 9.2 · EPSS 0.00815
Exploits: 0 · References: 4 · Affected Software: 1

Prion
added 2023/05/10 4:15 p.m. · 26 views

Hardcoded credentials

Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access...

CVSS 7.5 · AI score 9.3 · EPSS 0.00445
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2023/05/09 1:15 p.m. · 18 views

Hardcoded credentials

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1, SIMATIC Cloud Connect 7 CC716 All versions V2.1. The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected dat...

CVSS 4 · AI score 4.9 · EPSS 0.00387
Exploits: 0 · References: 1 · Affected Software: 2

Prion
added 2023/05/05 4:15 p.m. · 15 views

Hardcoded credentials

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round function in box.cc, which causes a denial of service...

CVSS 4.3 · AI score 6.2 · EPSS 0.00927
Exploits: 1 · References: 3 · Affected Software: 2

Zero Day Initiative
added 2023/05/04 12:0 a.m. · 22 views

D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The...

CVSS 8.8 · AI score 7 · EPSS 0.00916
Exploits: 0 · References: 1

Prion
added 2023/05/03 10:15 p.m. · 11 views

Hardcoded credentials

A use of hard-coded credentials vulnerability CWE-798 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands...

CVSS 4.3 · AI score 7.5 · EPSS 0.00164
Exploits: 0 · References: 1 · Affected Software: 2

Prion
added 2023/04/28 1:15 p.m. · 15 views

Hardcoded credentials

The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...

CVSS 5 · AI score 7.6 · EPSS 0.00577
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2023/04/28 1:15 p.m. · 18 views

Hardcoded credentials

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...

CVSS 7.5 · AI score 9.4 · EPSS 0.00621
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2023/04/28 1:15 p.m. · 14 views

Hardcoded credentials

The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information...

CVSS 5 · AI score 7.5 · EPSS 0.0053
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2023/04/27 9:15 p.m. · 16 views

Hardcoded credentials

An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML...

CVSS 6.5 · AI score 8.6 · EPSS 0.14112
Exploits: 1 · References: 2 · Affected Software: 1