7580 matches found
Hardcoded credentials
Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption...
CVE-2022-4333
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...
Hardcoded credentials
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...
CVE-2022-4333 Sprecher: Sprecon maintenance access with hardcoded credentials
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...
CVE-2022-4333
CVE-2022-4333 concerns Sprecher Automation SPRECON-E CPU variants with hardcoded credentials that enable a remote attacker to take over the device. Multiple connected sources (Red Hat advisory, Tenable OT plugin, CVE records, and vendor/PT/security databases) consistently describe a vulnerability...
CVE-2022-4333 Sprecher: Sprecon maintenance access with hardcoded credentials
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...
CVE-2023-33778
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...
CVE-2023-33778
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...
CVE-2023-33778
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...
Hardcoded credentials
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...
Hardcoded credentials
DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and...
CVE-2023-33778
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...
PT-2023-9803 · Draytek · Draytek Vigor Switches +3
Name of the Vulnerable Software and Affected Versions: Draytek Vigor Routers versions below 3.9.6/4.2.4 Draytek Vigor Access Points versions below v1.4.0 Draytek Vigor Switches versions below 2.6.7 Draytek Vigor Myvigor versions below 2.3.2 Description: The issue is related to the use of hardcode...
CVE-2023-33778
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...
PT-2023-14192 · Sprecher Automation · Sprecon-E Cpu
Name of the Vulnerable Software and Affected Versions: Sprecher Automation SPRECON-E CPU variants affected versions not specified Description: The issue concerns hardcoded credentials in multiple SPRECON-E CPU variants of Sprecher Automation, allowing a remote attacker to take over the device. To...
CVE-2023-28937
DataSpider Servista 4.4 and earlier is affected by a vulnerability where a cryptographic key is hard-coded into ScriptRunner and ScriptRunner for Amazon SQS. If an attacker with access to a target DataSpider Servista instance can obtain a Launch Settings file, they may operate with the user’s enc...
Buffer overflow
Multiple models of the Uniview IP Camera e.g., IPCG6103 B6103.16.10.B25.201218, IPCG61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPCHCMN offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using...
Hardcoded credentials
ROZCOM client CWE-798: Use of Hard-coded Credentials...
Hardcoded credentials
ToUI is a Python package for creating user interfaces websites and desktop apps from HTML. ToUI is using Flask-Caching SimpleCache to store user variables. Websites that use Website.uservars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...
Moxa MXsecurity Series Hardcoded JWT Key Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Moxa MXsecurity Series appliances. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the web-based interface. The issue results from a...