Hardcoded credentials

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation...

CVE-2017-7576

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...

Hardcoded credentials

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...

CVE-2017-7576

CVE-2017-7576 affects DragonWave Horizon 1.01.03 wireless radios, where hardcoded credentials (e.g., energetic/ wireless) grant access via web interface or TELNET. The root cause is embedded default credentials that bypass authentication, enabling unauthorized device access. Documents from multip...

Hardcoded credentials

Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH...

Hardcoded credentials

Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...

Hardcoded credentials

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an...

SICUNET Access Controller Multiple Vulnerabilities

SICUNET Access Controller is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Hardcoded credentials

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account...

Hardcoded credentials

An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password...

NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution

NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution !/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...

Hardcoded credentials

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

Hardcoded credentials

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML pag...

Hardcoded credentials

Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Hardcoded credentials

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page...

Hardcoded credentials

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...

Hardcoded credentials

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device...

Hardcoded credentials

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...

Hardcoded credentials

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell...

Hardcoded credentials

An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607...