7565 matches found
CVE-2022-29730
CVE-2022-29730 affects USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36. The issue is hard-coded credentials for the highest privileged account (USR user) with password www.usr.cn, which cannot be changed via normal device operation. This credential exposure enables full compromise of the de...
Hardcoded credentials
An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS...
GHSA-P4XH-4869-8VRG AdaptiveScale LXDUI Hardcoded JWT Secret Key
A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system...
AdaptiveScale LXDUI Hardcoded JWT Secret Key
A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system...
Hardcoded credentials
A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials...
Hardcoded credentials
The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed...
TOTOLINK A3100R Trust Management Issue Vulnerability
TOTOLINK A3100R is a series of wireless routers from China Gion Electronics TOTOLINK. TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 are vulnerable to a trust management issue, which stems from the presence of a hardcoded password in the component /web cste/cgi-bin/product.ini wi...
Rakuten Mobile Rakuten Casa Trust Management Issue Vulnerability
Rakuten Mobile Rakuten Casa is a small base station from Rakuten Mobile Japan, Inc. A trust management issue vulnerability exists in Rakuten Mobile Rakuten Casa APFV200 and APFV141 versions, which stems from the presence of hard-coded credentials in the application code. An unauthenticated, remot...
CVE-2022-29645
TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample...
Hardcoded credentials
TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample...
Hardcoded credentials
TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /webcste/cgi-bin/product.ini...
TOTOLINK A3100R Trust Management Issue Vulnerability
TOTOLINK A3100R is a series of wireless routers from China Gion Electronics TOTOLINK. TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 are vulnerable to a trust management issue, which stems from the presence of a hardcoded password in the component /web cste/cgi-bin/product.ini wi...
GHSA-G466-57GH-CQFW Spree uses a hardcoded hash value
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.actioncontrollersession hash value aka secret key, which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the...
Spree uses a hardcoded hash value
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.actioncontrollersession hash value aka secret key, which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the...
EUVD-2012-4305
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838...
GHSA-MV8G-FHH6-6267 Django user with hardcoded password created when running tests on Oracle
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...
mod_auth_openidc:2.3 security update
cjose 0.6.1-2 - fix concatkdf big endian architecture problem. Upstream issue 77. 0.6.1-1 - upgrade to latest upstream 0.6.1 0.5.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora29MassRebuild 0.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 0.5.1-1 - Initial packagin...
TransmuterBuffer's _alchemistWithdraw use hard coded slippage that can lead to user losses
exchange - exchange - alchemistWithdraw is user funds utilizing call sequence and the slippage hard coded to 1% there can cause a range of issues. For example, if there is not enough shares, the number of shares to withdraw will be unconditionally reduced to th...
GHSA-Q2RQ-QGCF-M22W web2py remote code execution via hardcoded encryption key in session.connect function
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
web2py remote code execution via hardcoded encryption key in session.connect function
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...