7572 matches found
Hardcoded credentials
Totolink A3600RFirmware V4.1.2cu.5182B20201102 contains a hard code password for root in /etc/shadow.sample...
Hardcoded credentials
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...
CVE-2022-35866
This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-cod...
Exploit for Use of Hard-coded Credentials in Atlassian Questions_For_Confluence
CVE-2022-26138 1. Introduction Confluence Hardcoded Pass...
CVE-2022-30316
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...
CVE-2022-30316
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...
CVE-2022-30314
Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...
Hardcoded credentials
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...
CVE-2021-22644
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...
CVE-2021-22644
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...
Hardcoded credentials
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...
CVE-2021-22644
CVE-2021-22644 is part of a set of vulnerabilities in Ovarro TBox/TWinSoft. The TWinSoft software uses a custom hardcoded user “TWinSoft” with a hardcoded key, enabling attackers to extract the hardcoded cryptographic key (CVE-2021-22644) and, with other flaws (CVE-2021-22646, CVE-2021-22648, CVE...
PT-2022-9259 · Ovarro · Ovarro Tbox Twinsoft
Name of the Vulnerable Software and Affected Versions: Ovarro TBox TWinSoft affected versions not specified Description: The issue concerns the use of a custom hardcoded user TWinSoft with a hardcoded key in Ovarro TBox TWinSoft. Recommendations: At the moment, there is no information about a new...
Hardcoded credentials
In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...
CVE-2022-30274
The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...
CVE-2022-30271
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...
CVE-2022-30271
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...
CVE-2022-30274
The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...
Hardcoded credentials
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...
Hardcoded credentials
The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...