PT-2024-4306 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1; Brocade SANnav version 2.3.0a. Description: The issue is related to the use of hardcoded credentials in the Brocade SANnav software. This allows a remote attacker to perform a man-in-the-middle (MITM) attac...
NetApp ONTAP Select Deploy administration utility Trust Management Issue Vulnerability
NetApp ONTAP Select Deploy administration utility is an administration utility for deploying and managing ONTAP Select clusters from Network Appliance (NetApp), Inc. A security vulnerability exists in NetApp ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x, 9.14.1.x, which...
Hardcoded TLS keys used by Docker (CVE-2024-29963).
Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Brocade SANnav doesn't have access to remote Docker registries, and knowledge of the keys is a minimal risk as SANnav is prevented from communicating with Docker registries. VEX code:...
AMCS Group Trux Waste Management Software Security Vulnerability
AMCS Group Trux Waste Management Software is a waste management software application from the AMCS Group organization. A security vulnerability exists in AMCS Group Trux Waste Management Software versions prior to 7.19.0018.26912, which originated from a vulnerability that allows a local attacker...
Apache Superset < 2.1.0 Hardcoded Secret Key
Apache Superset versions prior to 2.1.0 use a default secret to sign cookies. An unauthenticated attacker can use this default value to forge a cookie and authenticate as administrator. No source data...
CVE-2024-28066
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password)...
PT-2024-5340 · Adtran · Adtran Srg 834-5
Name of the Vulnerable Software and Affected Versions: AdTran SRG 834-5 devices with SmartOS versions prior to 12.1.3.1. Description: The issue is related to the use of hardcoded credentials in the SSH service of the affected devices. This allows a remote attacker to execute arbitrary operating...
PT-2024-22247 · Unify · Unify Cp Ip Phone
Name of the Vulnerable Software and Affected Versions: Unify CP IP Phone version 1.10.4.3. Description: The issue is related to weak credentials, specifically a hardcoded root password, in the firmware. Recommendations: For Unify CP IP Phone version 1.10.4.3, consider changing the hardcoded root...
CVE-2024-28066
CVE-2024-28066 affects Unify CP IP Phone firmware 1.10.4.3. The root cause is a hardcoded root password enabling weak credentials, rated CVSSv3.1: 8.8 (HIGH) with Adjacent access, no user interaction required. The Red Hat/NVD/CVE entries corroborate the issue; exploitation status is not documente...
PT-2024-21918 · Unknown · Zlmediakit
Name of the Vulnerable Software and Affected Versions: ZLMediaKit versions 1.0 through 8.0. Description: The issue allows remote attackers to escalate privileges and obtain sensitive information due to an Incorrect Access Control vulnerability. The application system enables the http API interface...
PT-2024-2666
Name of the Vulnerable Software and Affected Versions: D-Link DNS-320L (affected versions not specified); D-Link DNS-325 (affected versions not specified); D-Link DNS-327L (affected versions not specified); D-Link DNS-340L (affected versions not specified). Description: A critical issue exists in the HTTP GET...
CVE-2023-50894
In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information...
CVE-2024-22083
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks...
CVE-2024-22083
The vulnerability CVE-2024-22083 affects Elspec G5 digital fault recorder versions 1.1.4.15 and earlier. The issue is a hardcoded backdoor session ID that enables unauthorized access to the device, including reconfiguration tasks. Affected components are the system’s session handling/backdoor mec...
PT-2024-19194 · Elspec · Elspec G5 Digital Fault Recorder
Name of the Vulnerable Software and Affected Versions: Elspec G5 digital fault recorder versions 1.1.4.15 and before. Description: An issue was discovered in the Elspec G5 digital fault recorder. A hardcoded backdoor session ID exists that can be used for further access to the device, including...
CVE-2022-47036
Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware,...