Hardcoded credentials

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read...

Hardcoded credentials

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/boardformupdate.php bocontenttail parameter...

Hardcoded credentials

Technicolor C2000T and C2100T uses hard-coded cryptographic keys...

Hardcoded credentials

IBM Security Guardium Big Data Intelligence SonarG 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035...

Hardcoded credentials

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware...

Hardcoded credentials

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. Also, the accounts ineaadmin and mitsadm...

Broadcom Brocade SANnav CVE-2019-16207 Hardcoded Credentials Vulnerability

Description Broadcom Brocade SANnav is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Versions prior to Brocade SANnav 2.0 are vulnerable. Technologies Affected Broadcom...

CVE-2016-2358

Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts...

CVE-2016-2358

Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts...

Hardcoded credentials

Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts...

Hardcoded credentials

Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory...

CVE-2016-2358

Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts...

CVE-2016-2358

CVE-2016-2358 affects Milesight IP security cameras up to 2016-11-14, which ship with a default set of 10 privileged accounts using hardcoded credentials. If the customer has not configured 10 actual user accounts, these default accounts remain accessible, enabling potential unauthorized access.

Hardcoded credentials

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...

IBM Security Guardium Big Data Intelligence CVE-2019-4309 Hardcoded Credentials Vulnerability

Description IBM Security Guardium Big Data Intelligence is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Security Guardium Big Data Intelligence 4.0 is vulnerable...

Hardcoded credentials

DISPUTED The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access can...

Hardcoded credentials

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...

Hardcoded credentials

The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header...

CVE-2019-15015

In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system...

CVE-2019-15017

The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials...