Lucene search
K

7578 matches found

Cvelist
Cvelist
added 2023/01/27 12:0 a.m.16 views

CVE-2022-43978 Limited Authentication bypass due to hardcoded secret

There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order t...

5.6CVSS5.8AI score0.00304EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:18 p.m.2 views

CVE-2023-24022

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

9.8CVSS7.3AI score0.01557EPSS
Exploits0References3
NVD
NVD
added 2023/01/26 9:18 p.m.11 views

CVE-2023-24022

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

10CVSS9.5AI score0.01557EPSS
Exploits0References3
Prion
Prion
added 2023/01/26 9:18 p.m.13 views

Hardcoded credentials

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

7.5CVSS9.3AI score0.01557EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2023/01/24 3:51 p.m.15 views

CVE-2023-24022 Hard Coded Credential Crypt Vulnerability

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

10CVSS9.6AI score0.01557EPSS
Exploits0References3
CVE
CVE
added 2023/01/24 3:51 p.m.52 views

CVE-2023-24022

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware RTS/RTD 3.7.11.3 contain hardcoded credentials stored in the firmware and encrypted by the crypt function, allowing remote attackers to authenticate via SSH. This is documented across multiple sources (NVD/Red Hat/CNNV...

10CVSS9.6AI score0.01557EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2023/01/24 3:51 p.m.10 views

CVE-2023-24022 Hard Coded Credential Crypt Vulnerability

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

10CVSS7.2AI score0.01557EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.3 views

PT-2023-19365 · Baicells · Baicells Nova 233 +2

Name of the Vulnerable Software and Affected Versions: Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 Description: The issue concerns hardcoded credentials in the firmware of the affected devices. These credentials are easily discoverable a...

10CVSS9.2AI score0.01557EPSS
Exploits0References5
Prion
Prion
added 2023/01/21 1:15 a.m.15 views

Hardcoded credentials

The HTML-StripScripts module through 1.06 for Perl allows hssattvalstyle ReDoS because of catastrophic backtracking for HTML content with certain style attributes...

5CVSS7.3AI score0.01116EPSS
Exploits1References5Affected Software2
Prion
Prion
added 2023/01/14 1:15 a.m.16 views

Authentication flaw

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...

7.5CVSS9.4AI score0.01147EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/13 12:0 a.m.4 views

PT-2023-1540 · Totolink · Totolink Ca300-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA300-PoE version 6.2c.884 Description: The issue is related to the use of hardcoded credentials in the /etc/config/product.ini component of the TOTOLINK CA300-PoE router's firmware. This could allow a remote attacker to disclose...

7.8CVSS7.4AI score0.00656EPSS
Exploits1References4
Prion
Prion
added 2023/01/12 11:15 p.m.17 views

Hardcoded credentials

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These...

6.4CVSS9.1AI score0.00321EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/01/12 4:15 p.m.16 views

Hardcoded credentials

EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user...

7.5CVSS9.3AI score0.00621EPSS
Exploits0References1
Prion
Prion
added 2023/01/11 10:15 a.m.16 views

Hardcoded credentials

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contains a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges...

7.5CVSS9.4AI score0.00472EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/10 8:15 a.m.20 views

Hardcoded credentials

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context...

5.8CVSS6.3AI score0.00568EPSS
Exploits1References2Affected Software2
Prion
Prion
added 2023/01/07 9:15 a.m.14 views

Hardcoded credentials

A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability...

7.5CVSS9.5AI score0.00863EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/01/06 5:37 p.m.45 views

KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys

Summary The jwt authentication function of kubepi = v1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Details session.go, the use of...

9.8CVSS9.1AI score0.69667EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2023/01/05 10:15 p.m.22 views

CVE-2022-3928

Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B...

7.1CVSS7.5AI score0.00211EPSS
Exploits0References2
OSV
OSV
added 2023/01/05 10:15 p.m.2 views

CVE-2022-3928

Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B...

5.5CVSS5.7AI score0.00211EPSS
Exploits0References2
Prion
Prion
added 2023/01/05 10:15 p.m.25 views

Hardcoded credentials

Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B...

1.7CVSS7.3AI score0.00211EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder