
1187 matches found

Cvelist
added 2018/06/20 4:0 p.m. · 22 views

CVE-2018-6213

In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...

AI score: 9.7 · EPSS: 0.0336
Exploits: 1 · References: 4
CVE
added 2018/06/20 4:0 p.m. · 58 views

CVE-2018-6213

Summary: CVE-2018-6213 affects D-Link DIR-620 devices with ISP-customized firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0 and 2.0.22. The issue is a hardcoded admin password set to “anonymous” in the web server, enabling privileged access without authentication. The connected documents corrobo...

CVSS: 10 · AI score: 9.5 · EPSS: 0.0336
Exploits: 1 · References: 4 · Affected Software: 1
CNVD
added 2018/06/07 12:0 a.m. · 2 views

Dedos-web Hardcoded Password Vulnerability

Dedos-web is a set of online tools for executing programs designed using DEDOS-Editor. A security vulnerability exists in version 1.0 of Dedos-web. The vulnerability stems from the program's use of the Passport.js package to provide authentication policies. An attacker can exploit the vulnerabili...

CVSS: 7.5 · AI score: 7.8 · EPSS: 0.01134
Exploits: 1 · References: 1
OSV
added 2018/05/30 9:29 p.m. · 3 views

CVE-2018-11482

/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223P-6, TL-IPC323K-D, TL-IPC325KP-, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password...

CVSS: 9.8 · AI score: 5.8 · EPSS: 0.01241
Exploits: 0 · References: 2
NVD
added 2018/05/30 9:29 p.m. · 12 views

CVE-2018-11482

/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223P-6, TL-IPC323K-D, TL-IPC325KP-, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password...

CVSS: 9.8 · AI score: 9.6 · EPSS: 0.01241
Exploits: 0 · References: 2
Cvelist
added 2018/05/30 9:0 p.m. · 13 views

CVE-2018-11482

/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223P-6, TL-IPC323K-D, TL-IPC325KP-, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password...

AI score: 9.6 · EPSS: 0.01241
Exploits: 0 · References: 1
CVE
added 2018/05/30 9:0 p.m. · 46 views

CVE-2018-11482

CVE-2018-11482 affects TP-LINK IPC device families (TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, TL-IPC40A-4) via /usr/lib/lua/luci/websys.lua which contains a hardcoded password (zMiVw8Kw0oxKXL0). Root cause: hardcoded credentials in the websys.lua module leading to insufficient access control...

CVSS: 9.8 · AI score: 9.4 · EPSS: 0.01241
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2018/05/23 12:0 a.m. · 2 views

PT-2018-3887 · D Link · Dir-620

Name of the Vulnerable Software and Affected Versions: D-Link DIR-620 devices with customized firmware versions 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22 Description: The issue is related to a hardcoded password for the admin account, specifically set to anonymous. This could allow a...

CVSS: 10 · AI score: 9.5 · EPSS: 0.0336
Exploits: 1 · References: 7
CNVD
added 2018/05/11 12:0 a.m. · 2 views

heinekingmedia StashCat for Android Hardcoded Password Vulnerability

heinekingmedia StashCat for Android is an Android-based enterprise communication software from the German company heinekingmedia. A security vulnerability exists in heinekingmedia StashCat 1.7.5 and earlier versions for the Android platform, which stems from the program's use of hard-coded...

CVSS: 9.8 · AI score: 6.7 · EPSS: 0.01103
Exploits: 0 · References: 1
CVE
added 2018/05/05 10:0 p.m. · 38 views

CVE-2018-10723

Directus 6.4.9 contains a hardcoded admin password for the Admin account caused by an INSERT in api/schema.sql. Multiple sources (CNVD-2018-09196, NVD CVE-2018-10723, OSV, PRION) describe this as an elevation of privilege/vector involving a hardcoded credential, enabling potential administrator a...

CVSS: 9.8 · AI score: 9.5 · EPSS: 0.01273
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2018/05/05 10:0 p.m. · 19 views

CVE-2018-10723

Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql...

AI score: 9.6 · EPSS: 0.01273
Exploits: 1 · References: 1
OSV
added 2018/04/27 1:24 p.m. · 7 views

SUSE-SU-2018:1102-1 Security update for python-Django

This update for python-Django fixes the following issues: Security issues fixed: - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. bsc1083305 - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters. bsc1083304 - CVE-2017-12794:...

CVSS: 9.8 · AI score: 6.6 · EPSS: 0.23566
Exploits: 3 · References: 19
OSV
added 2018/04/24 6:29 a.m. · 1 views

CVE-2018-10328

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...

CVSS: 7.4 · AI score: 5.8 · EPSS: 0.00565
Exploits: 0 · References: 1
NVD
added 2018/04/24 6:29 a.m. · 14 views

CVE-2018-10328

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...

CVSS: 7.4 · AI score: 7.6 · EPSS: 0.00565
Exploits: 0 · References: 1
Cvelist
added 2018/04/24 6:0 a.m. · 14 views

CVE-2018-10328

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...

AI score: 7.6 · EPSS: 0.00565
Exploits: 0 · References: 1
CVE
added 2018/04/24 6:0 a.m. · 39 views

CVE-2018-10328

CVE-2018-10328 affects Momentum Axel 720P devices running version 5.1.8. The issue is a hardcoded password for the appagent account, allowing remote attackers to view the RTSP video stream. Documented CVSS: CVSS v3.0 base score 7.4 (HIGH), with ADJACENT network access, no user interaction, and co...

CVSS: 7.4 · AI score: 7.5 · EPSS: 0.00565
Exploits: 0 · References: 1 · Affected Software: 1
CNVD
added 2018/04/24 12:0 a.m. · 2 views

Momentum Axel 720P Information Disclosure Vulnerability

The Momentum Axel 720P is a dual-band HD camera that supports WiFi connectivity. A security vulnerability exists in the Momentum Axel 720P version 5.1.8, which stems from the appagent account using the hardcoded password: streaming. A remote attacker can exploit this vulnerability to view the vide...

CVSS: 7.4 · AI score: 6.9 · EPSS: 0.00565
Exploits: 0 · References: 1
seebug.org
added 2018/04/11 12:0 a.m. · 3251 views

Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE

Subject: Shenzhen TVT Digital Technology Co. Ltd & OEM DVR/NVR/IPC API RCE Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Python PoC: https://github.com/mcw0/PoC/blob/master/TVT-PoC.py Release date: April 9,...

Exploits: 0
NVD
added 2018/04/05 5:29 p.m. · 20 views

CVE-2014-3413

The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access...

CVSS: 10 · AI score: 9.2 · EPSS: 0.02208
Exploits: 0 · References: 2
Cvelist
added 2018/04/05 5:0 p.m. · 27 views

CVE-2014-3413

The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access...

AI score: 9.2 · EPSS: 0.02208
Exploits: 0 · References: 2