122 matches found
CVE-2025-4010 Arbitrary Command Injection in Netcom NTC-6200 & NWL-222
The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with...
Diviotec professional series 命令注入漏洞
Diviotec professional series is a series of professional video surveillance products from Diviotec Corporation, USA. A security vulnerability exists in Diviotec professional series, which is caused by arbitrary command injection and hard-coded passwords in the exposed web interface...
PT-2025-23474 · Diviotec · Diviotec Professional Series
Name of the Vulnerable Software and Affected Versions: The Diviotec professional series affected versions not specified Description: The issue concerns the exposure of a web interface in the Diviotec professional series, where one endpoint is vulnerable to arbitrary command injection. Additionall...
CVE-2021-37163
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...
CVE-2020-25752
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. T...
TOTOLINK A810R Trust Management Issue Vulnerability
TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A trust management issue vulnerability exists in TOTOLINK A810R version V4.1.2cu.5182B20201026, which stems from the presence of hardcoded passwords in product.ini. An attacker can exploit the vulnerability to...
TOTOLINK A810R 安全漏洞
TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A trust management issue vulnerability exists in TOTOLINK A810R version V4.1.2cu.5182B20201026, which stems from the presence of hardcoded passwords in product.ini. An attacker can exploit the vulnerability to...
CVE-2024-8551
CVE-2024-8551 : A path traversal vulnerability affects modelscope/agentscope in the save-workflow and load-workflow functionality, present in versions prior to the fix. An attacker can read and write arbitrary JSON files on the filesystem, potentially exposing or modifying sensitive data (config ...
Dahua Security Digital Video Recorders Credentials Management Errors (CVE-2013-3612)
Dahua DVR appliances have a hardcoded password for 1 the root account and 2 an unspecified backdoor account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving a ActiveX, b a standalone client, or c unknown other vectors. This plugin on...
Exploit for Server-Side Request Forgery in Havocframework Havoc
Havoc-C2-RCE CVE-2024-41570 This is a Chained RCE CVE-2024-...
Baxter Life2000 信任管理问题漏洞
The Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A trust management issue vulnerability exists in Baxter Life2000 version 06.08.00.00 and prior versions, which stems from the clinician password and serial number clinician password, hardcoded in plaintext in the device, whic...
IBM Security Verify Access Appliance Insecure Transit / Hardcoded Passwords
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 4 vulnerabilities in ibmsecurity Advisory URL: https://pierrekim.github.io/advisories/2024-ibmsecurity.txt Blog URL: https://pierrekim.github.io/blog/2024-11-01-ibmsecurity-4-vulnerabilities.html Date published: 2024-11-0...
CVE-2024-45275
CVE-2024-45275 concerns a trust-management vulnerability in Helmholz Rex100 wireless routers where two hard-coded user accounts with fixed passwords enable an unauthenticated remote attacker to gain full control of the device. Public sources in the provided connected documents specify affected de...
CVE-2024-45275 MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices...
CVE-2024-45275 MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices...
mySCADA myPRO Trust Management Issues Vulnerabilities
mySCADA myPRO is a software application. myPRO is a professional HMI/SCADA system designed primarily for the visualization and control of industrial processes. A trust management issue vulnerability exists in versions of mySCADA myPRO prior to 8.31.0 that stems from the use of hardcoded passwords...
mySCADA myPRO 安全漏洞
mySCADA myPRO is a software application. myPRO is a professional HMI/SCADA system designed primarily for the visualization and control of industrial processes. A trust management issue vulnerability exists in versions of mySCADA myPRO prior to 8.31.0 that stems from the use of hardcoded passwords...
CVE-2024-32210
The Red Hat–listed CVEs map to LoMag LoMag Inventory Management v1.0.20.120 and earlier. Concrete issues include: hard-coded passwords by default for forms and SQL connections (CVE-2024-32210); local information disclosure via UserClass.cs and Settings.cs (CVE-2024-32211); SQL Injection via Artic...
Rocky Linux 8 : Rocky Enterprise Software Foundation Ceph Storage 4.1 (RLSA-2020:2231)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:2231 advisory. - A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. A...
Fortinet FortiSIEM 信任管理问题漏洞
Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fiat Fortinet. The system includes features such as asset discovery, workflow automation, and unified management. A trust management issue vulnerability exists in Fortinet FortiSIEM versio...