1187 matches found
CVE-2016-1491
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area...
CVE-2016-1491
Summary of CVE-2016-1491 (Lenovo SHAREit) : CoreLabs’ advisory confirms a hard-coded password vulnerability in Lenovo SHAREit for Windows prior to version 3.2.0 where a Wi‑Fi hotspot is created to receive files using the fixed password “12345678,” enabling a remote attacker within WLAN range to g...
CVE-2016-1984
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362...
CVE-2015-8362
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984...
CVE-2016-1984
The CVE-2016-1984 issue concerns Harman AMX devices where the setUpSubtleUserAccount function in /bin/bw uses a hard-coded 1MB@tMaN password (and related 1.4.x hard-coded 1MB@tMaN on certain builds), enabling remote access via SSH or HTTP. Affected firmware lines include 1.4.65 through 1.4.72, wi...
CVE-2015-8362
CVE-2015-8362 affects Harman AMX devices (various NetLinx controllers, Massio MCP-10x, Enova DGX/DVX lines, NI/NX series, ME260/64, etc.) where the setUpSubtleUserAccount function in /bin/bw uses a hard-coded BlackWidow diagnostic account password. This creates remote-access risk via SSH or HTTP ...
CVE-2016-1909
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the FortimanagerAccess account, which allows...
Cisco Patches Hardcoded Password, DoS Vulnerabilities in Software
Cisco patched a handful of issues across its software line this week, including two critical vulnerabilities that could lead to the complete compromise of any devices running the software, and a hardcoded password that exists in some access points made by the company. According to security...
FingerTec Default Root Password / Remote Enrollment
Exploit Title: Default Root Password and Remote Enrollment on FingerTec Devices Date: 12-01-2016 Exploit Author: Daniel Lawson Contact: http://twitter.com/fang0654 Website: https://digital-panther.com Category: physical access control 1. Description Almost all FingerTec Access Control devices are...
FingerTec Fingerprint Reader - Remote Access and Remote Enrolment
FingerTec Fingerprint Reader - Remote Access and Remote Enrolment Exploit Title: Default Root Password and Remote Enrollment on FingerTec Devices Date: 12-01-2016 Exploit Author: Daniel Lawson Contact: http://twitter.com/fang0654 Website: https://digital-panther.com Category: physical access...
CVE-2015-7251
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session...
CVE-2015-7251
CVE-2015-7251 affects ZTE ZXHN H108N R1A routers (and related models) where the Telnet service uses hard-coded credentials, enabling an attacker with network access to log in as root and gain full control. The root account password is fixed as 'root' in affected firmwares (e.g., ZTE.bhs.ZXHNH108N...
CVE-2015-6481
CVE-2015-6481 affects Moxa OnCell Central Manager Software prior to version 2.2. The vulnerability arises from a hard-coded root credential in the RequestController.login function, enabling remote attackers to obtain administrative access and potentially execute code on affected systems. NVD and ...
Seagate GoFlex Satellite Remote Telnet Default Password
Vulnerability Details Affected Vendor: Seagate Affected Product: GoFlex Satellite Affected Version: 1.3.7 Platform: Embedded Linux CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel; CWE-798: Use of Hard-coded Credentials Impact: Remote Administration Attack...
KLA10704 Multiple vulnerabilities in ARRIS cable modems.
Multiple serious vulnerabilities have been found in ARRIS cable modems. Malicious users can exploit these vulnerabilities to gain privileges or inject arbitrary code. Below is a complete list of vulnerabilities: 1. Predictable technician password can be exploited remotely to gain technician...