Hardcoded credentials
A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been disclosed to t...
Upgraded Q -> 2 from #404 [1684435083624]
Judge has assessed an item in Issue 404 as 2 risk. The relevant finding follows: Global Budget Constraint is said to be 2% in Docs But It Is 3% in The code Description: In the docs it is mentioned that Global Budget Constraint should be 2% but in the code here it is hardcoded to 3%. --- The text...
CVE-2023-30354
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access...
CVE-2023-30351
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service or UART by using the exposed credentials...
Hardcoded credentials
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed...
Hardcoded credentials
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access...
PT-2023-22650 · Shenzen Tenda Technology · Tenda Ip Camera Cp3
Name of the Vulnerable Software and Affected Versions: Shenzen Tenda Technology IP Camera CP3 version V11.10.00.2211041355 Description: The issue concerns physical access to U-Boot via the UART, where the Wi-Fi password is exposed, and a hardcoded boot password can be used for console access...
Tenda CP3 Trust Management Issue Vulnerability
Tenda CP3 is a smart camera from Tenda China. A security vulnerability exists in Tenda CP3 version V11.10.00.2211041355, which stems from the device containing a hardcoded default password for RTSP mentions...
CVE-2023-30354
The CVE-2023-30354 entry concerns Shenzen Tenda CP3 IP Camera (v11.10.00.2211041355). The issue arises from allowing physical access to U-Boot via UART, which exposes the Wi‑Fi password and enables a hardcoded boot password to be entered for console access. Affected component: U-Boot console on C...
Hardcoded credentials
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1, SIMATIC Cloud Connect 7 CC716 All versions V2.1. The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected dat...
Mitigation of M-04: Mitigation error
MITIGATION IS NOT CONFIRMED Mitigation of M-04: Mitigation error Link to Issue: code-423n4/2023-03-asymmetry-findings932 Comments Even though the original issue is mitigated, as the exchange through Uniswap V3 has been completely removed in favor of using...
Hardcoded credentials
A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round function in box.cc, which causes a denial of service...
_deployPod() is using hardcoded salt value which can cause issues
Lines of code Vulnerability details Impact deployPod is deploying pod but there is a hardcoded salt value of 0 which can cause issue Proof of Concept There is a risk of address collisions if two different users call the deployPod function with the same input parameters at the same time. This coul...
D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The...
Hardcoded credentials
A use of hard-coded credentials vulnerability (CWE-798) in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands...
Hardcoded credentials
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
Hardcoded credentials
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...
Hardcoded credentials
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information...
Hardcoded credentials
An issue discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML...