32 matches found
CVE-2022-30271
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...
GHSA-GFM8-G3VM-53JH Malicious Package in leetlog
Versions 0.1.2 and 0.1.3 of leetlog contain malicious code. The package adds an arbitrary hardcoded SSH key identified as hacker@evilmachine to the system's authorizedkeys Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets an...
CVE-2020-15316
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree...
CVE-2020-15317
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree...
CVE-2020-15340
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/defaultaxess/axess/TR69/Handlers/turbolink/sshkeys/idrsa SSH key...
Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution
Hello, Please find a text-only version below sent to security mailing lists. The HTML version on "Multiple vulnerabilities found in Zyxel CNM SecuManager" is posted here: https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html === text-version of the advisory ===...
Flaws Riddle Zyxel’s Network Management Software
Security researchers are warning that networking hardware vendor Zyxel and its Cloud CNM SecuManager software is chock-full of unpatched vulnerabilities that kick open the doors for hackers to exploit. In all, researchers have identified 16 vulnerabilities, ranging from multiple backdoors and...
CVE-2018-6825
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access...
Researcher Outlines Multiple Vulnerabilities in Quanta Routers
Routers manufactured by Quanta are riddled with critical vulnerabilities–backdoors, a hardcoded SSH key, and remote code execution flaws, to name a few–that won’t be patched because the company considers the product end of life. Researcher Pierre Kim found the flaws and reasons that the flaws are...
Quanta LTE Router Code Execution / Backdoor Accounts
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: Multiple vulnerabilities found in Quanta LTE routers backdoor, backdoor accounts, RCE, weak WPS ... Advisory URL: https://pierrekim.github.io/advisories/2016-quanta-0x00.txt Blog URL:...
CVE-2015-6476
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session...
CVE-2015-2907
Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...