7575 matches found
Hardcoded credentials
A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows taking control of the affected system...
Hardcoded credentials
PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key PanIndex is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, on...
Hardcoded credentials
Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file...
Hardcoded credentials
Akuvox E11 uses a hard-coded cryptographic key, which could allow an attacker to decrypt sensitive information...
PT-2023-1633 · Unknown · Mxsecurity
Name of the Vulnerable Software and Affected Versions: MXsecurity version 1.0 Description: The issue is related to hardcoded credentials in MXsecurity, which can be exploited to craft arbitrary JWT tokens and bypass authentication for web-based APIs. This allows a remote attacker to elevate their...
Hardcoded credentials
Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336...
Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vulnerability
Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list 120 of the application and the passwo...
Osprey Pump Controller 1.0.1 Administrator Backdoor Access
Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirage...
ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root Vulnerability
ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account...
ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023 Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM...
Osprey Pump Controller 1.0.1 Administrator Backdoor Access
Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...
Hardcoded credentials
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...
CVE-2022-46637
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services...
CVE-2022-46637
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services...
Hardcoded credentials
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services...
PT-2023-14973 · Prolink · Prolink Router Prs1841
Name of the Vulnerable Software and Affected Versions: Prolink router PRS1841 Description: The Prolink router PRS1841 contains hardcoded credentials for its Telnet and FTP services. This issue allows unauthorized access to the device. Recommendations: For Prolink router PRS1841, consider changing...
CVE-2022-46637
CVE-2022-46637 concerns the ProLink router PRS1841, which is reported to contain hardcoded credentials for Telnet and FTP, enabling unauthorized access. The CVE entry cites a CRITICAL 9.8 CVSS score (Network vector, low complexity, no user interaction) with high impact on confidentiality, integri...
CVE-2022-46637
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services...
CVE-2022-46637
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services...
SUSE CVE-2015-2907
Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...