7576 matches found
CVE-2023-21426
The CVE-2023-21426 vulnerability affects Samsung mobile devices running SMR prior to Jan-2023 Release 1, where a hardcoded AES key is used to encrypt card emulation PINs in NFC. The root cause is the hardcoded key in the NFC card emulation workflow, enabling local attackers to access cardemulatio...
PT-2023-1659 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to a flaw in the Linux Kernel, specifically with the tun/tap sockets having their socket UID hardcoded to 0 due to a type confusion in their initialization functio...
Upgraded Q -> 2 from #867 [1675460709593]
Judge has assessed an item in Issue 867 as 2 risk. The relevant finding follows: L-01, ProtocolDAO.sol lines 209 - 216: upgradeExistingContract mistakenly removes the address value of the new contract if the new contract’s name is the same as the old one. This can be easily fixed with unregisteri...
CVE-2022-48113
A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...
CVE-2022-48113
A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...
Hardcoded credentials
A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...
CVE-2022-48113
CVE-2022-48113 affects TOTOLINK N200RE_v5 firmware version V9.3.5u.6139. An unauthenticated attacker can access the telnet service via a crafted POST request and may log in as root using hardcoded credentials. The connected documents confirm the vulnerability details but do not provide a remediat...
CVE-2022-48113
A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...
CVE-2022-48113
A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...
TOTOLINK N200RE 信任管理问题漏洞
The TOTOLINK N200RE is a router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK N200RE N200REv5 firmware version V9.3.5u.6139, which originates from a vulnerability that allows an attacker to access the telnet service via a crafted POST request, which can b...
CVE-2023-23132
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...
CVE-2023-23132
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...
CVE-2023-23132
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...
PT-2023-15515 · Undefined · Undefined
exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...
PT-2023-15516 · Undefined · Undefined
exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...
PT-2023-15514 · Undefined · Undefined
exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...
PT-2023-15517 · Undefined · Undefined
exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...
CVE-2022-43978 Limited Authentication bypass due to hardcoded secret
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order t...
CVE-2022-43978 Limited Authentication bypass due to hardcoded secret
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order t...
CVE-2023-24022
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...