7557 matches found
CVE-2021-27164
CVE-2021-27164 affects FiberHome HG6245D devices (RP2613). The web daemon stores hardcoded credentials (admin/aisadmin), enabling potential unauthorized access to the device. Documented impact in CVE data indicates high-risk metrics (CVSSv3.1: 9.8, HIGH confidentiality/integrity/availability) and...
CVE-2021-27168
CVE-2021-27168 affects FiberHome HG6245D devices through RP2613, where the rdsadmin account is exposed with a hardcoded password (6GFJdY4aAuUKJjdtSn7d). The issue enables potential unauthorized admin access over the network, with CVSS metrics indicating high confidentiality, integrity, and availabili...
CVE-2021-27168
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account...
CVE-2021-27172
An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh...
CVE-2021-27172
CVE-2021-27172 concerns FiberHome HG6245D ONT routers (through RP2613). It relies on a hardcoded GEPON password for root stored in /etc/init.d/system-config.sh, enabling unauthorized root access. The NVD entry lists a CVSS3.1 base score of 9.8 (CRITICAL) with network attack vector and no aut...
FiberHome HG6245D trust management issue vulnerability
The HG6245D is an FTTH ONT router from FiberHome. A hardcoded credentials vulnerability exists in the FiberHome HG6245D. The vulnerability stems from the web daemon containing hardcoded user/8888888 credentials for an ISP. No details of the vulnerability are provided at this time...
FiberHome HG6245D devices trust management issue vulnerability
The HG6245D is an FTTH ONT router from FiberHome. A hardcoded credentials vulnerability exists in the FiberHome HG6245D. The vulnerability stems from the web daemon containing hardcoded user/tattoo@home credentials for an ISP. No details of the vulnerability are provided at this time...
FiberHome HG6245D devices trust management issue vulnerability
The FiberHome HG6245D is a router from FiberHome, China, that provides network connectivity. A trust management issue vulnerability exists in FiberHome HG6245D devices; an attacker can exploit it to attack vulnerable components using default passwords or hard-coded passwords,...
Hardcoded credentials
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page...
Hardcoded credentials
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner...
Mofi Network MOFI4500-4GXeLTE trust management issue vulnerability
The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. A security vulnerability exists in the Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The vulnerability stems from the fact that the Dropbear SSH daemon has been modified to accept an alternate hardcoded path to a public...
GHSA-HHW9-35P2-Q2C5 Steam Socialite Provider v1 does not correctly validate openid server
Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These are no longer...
Steam Socialite Provider v1 does not correctly validate openid server
Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These are no longer...
Hardcoded credentials
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit...
Micro Focus UCMDB Remote Code Execution Exploit
This Metasploit module exploits two vulnerabilities, that when chained allow an attacker to achieve unauthenticated remote code execution in Micro Focus UCMDB. UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected, but this module can probably also be used to...
Micro Focus UCMDB Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution', 'Description' = %q This module exploits two vulnerabilities, that...
Hardcoded credentials
Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of...
Backdoor.Win32.Wollf.c Hardcoded Backdoor Password
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/91c02a95839a76a5d2e335cded7112a9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.c Vulnerability: Hardcoded Backdoor Password Description: The backdoor creates ...
Backdoor.Win32.Wollf.16 Hardcoded Password
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/5f79b779acd4c9c75211835a2783bccb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Weak Hardcoded Password Description: Wollf.16 creates and run...
Hardcoded credentials
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings...