CVE-2024-2420

Summary: CVE-2024-2420 affects LenelS2 NetBox access control and event monitoring system. A hard-coded credential vulnerability in versions prior to and including 5.6.1 allows an attacker to bypass authentication. Affected product/versions are LenelS2 NetBox

CVE-2024-35341

Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords encrypted with a hardcoded key common to all devices. This...

CVE-2024-35344

Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800NN2, YMF50B, YM800SV2, YM500L8, and YM200E10...

PT-2024-26442 · Anpviz · Anpviz

Name of the Vulnerable Software and Affected Versions: Anpviz products versions 3.2.2.2 and lower Description: The issue allows unauthenticated users to download the running configuration of the device via a HTTP GET request to "/ConfigFile.ini" or "/config.xml" URIs. This configuration file...

CVE-2024-36049

Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personal...

CVE-2024-36049

Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personal...

CVE-2024-36049

Aptos Wisal Payroll Accounting prior to version 7.1.6 is affected by a vulnerability where the Windows client uses hardcoded credentials to fetch the full list of usernames and passwords from the database over an unencrypted connection. This enables a machine-in-the-middle attacker to read and wr...

CVE-2024-35395

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...

CVE-2024-35396

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a hardcoded password for telnet in /webcste/cgi-bin/product.ini, which allows attackers to log in as root...

CVE-2024-35396

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a hardcoded password for telnet in /webcste/cgi-bin/product.ini, which allows attackers to log in as root...

CVE-2024-35395

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...

CVE-2024-35395

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...

CVE-2024-35395

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...

CVE-2024-35395

CVE-2024-35395 affects TOTOLINK CP900L (v4.1.5cu.798_B20221228). A hardcoded password in /etc/shadow.sample allows an attacker to log in as root. Impact is root access with high severity (CVSS v3.1: 8.8; Network attack, low privileges required, no user interaction). Connected sources confirm the ...

CVE-2024-35396

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a hardcoded password for telnet in /webcste/cgi-bin/product.ini, which allows attackers to log in as root...

CVE-2024-35396

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a hardcoded password for telnet in /webcste/cgi-bin/product.ini, which allows attackers to log in as root...

CVE-2024-35396

TOTOLINK CP900L v4.1.5cu.798_B20221228 is affected by a hardcoded password for telnet stored in /web_cste/cgi-bin/product.ini, enabling root login. The CVE entry does not specify a fixed fix; multiple connected sources reference mitigation ideas (e.g., disabling telnet, patching firmware), but no...

PT-2024-26862 · Aptos +1 · Aptos Wisal Payroll Accounting +1

Name of the Vulnerable Software and Affected Versions: Aptos Wisal payroll accounting versions prior to 7.1.6 Description: The issue allows attackers in a machine-in-the-middle position to gain read and write access to personally identifiable information PII and payroll data. It also enables them...

PT-2024-3807 · Totolink · Totolink Cp900L

Name of the Vulnerable Software and Affected Versions: TOTOLINK CP900L version 4.1.5cu.798 B20221228 Description: The issue is related to a hardcoded password for telnet in the /web cste/cgi-bin/product.ini file, allowing attackers to log in as root. This is due to the use of predefined credentia...

PT-2024-26476 · Totolink · Totolink Cp900L

Name of the Vulnerable Software and Affected Versions: TOTOLINK CP900L version 4.1.5cu.798 B20221228 Description: A hardcoded password issue was found in the /etc/shadow.sample file, allowing attackers to log in as root. Recommendations: For TOTOLINK CP900L version 4.1.5cu.798 B20221228, consider...