7555 matches found

NVD
added 2020/11/24 8:15 p.m. | 37 views

CVE-2020-28329

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...

CVSS 9.8 | AI score 7.9 | EPSS 0.01543
Exploits: 7 | References: 1

OSV
added 2020/11/24 8:15 p.m. | 5 views

CVE-2020-28329

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...

CVSS 9.8 | AI score 6.9 | EPSS 0.01543
Exploits: 7 | References: 1

Prion
added 2020/11/24 8:15 p.m. | 18 views

Hardcoded credentials

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...

CVSS 7.5 | AI score 7.8 | EPSS 0.01543
Exploits: 7 | References: 1 | Affected Software: 1

Prion
added 2020/11/24 7:15 p.m. | 18 views

Hardcoded credentials

Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Versions: 2.5.1.8. An attacker armed with hardcoded API credentials retrieved by exploiting CVE-2020-28329 can issue an authenticated query to display the admin password for the main web user interface listenin...

CVSS 4 | AI score 7.8 | EPSS 0.01543
Exploits: 8 | References: 1 | Affected Software: 1

Cvelist
added 2020/11/24 7:9 p.m. | 54 views

CVE-2020-28329

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...

AI score 7.9 | EPSS 0.01543
Exploits: 7 | References: 1

CVE
added 2020/11/24 7:9 p.m. | 108 views

CVE-2020-28329

Barco wePresent WiPG-1600W is affected by CVE-2020-28329 and related CVEs due to hardcoded credentials in the firmware. Affected firmware versions include 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19. The vulnerability arises because an API account and password are embedded in the firmware image and...

CVSS 9.8 | AI score 7.7 | EPSS 0.01543
Exploits: 7 | References: 1 | Affected Software: 1

Cvelist
added 2020/11/24 6:11 p.m. | 36 views

CVE-2020-28330

Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Versions: 2.5.1.8. An attacker armed with hardcoded API credentials retrieved by exploiting CVE-2020-28329 can issue an authenticated query to display the admin password for the main web user interface listenin...

AI score 8 | EPSS 0.01146
Exploits: 5 | References: 1

Prion
added 2020/11/23 5:15 p.m. | 12 views

Hardcoded credentials

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454...

CVSS 7.5 | AI score 8.9 | EPSS 0.02401
Exploits: 1 | References: 3 | Affected Software: 1

0day.today
added 2020/11/21 12:0 a.m. | 63 views

Barco wePresent WiPG-1600W Hardcoded API Credentials Vulnerability

Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Versions affected include 2.5.1.8, 2.5.0.25, 2.5.0.24, and...

CVSS 9.8 | AI score 8 | EPSS 0.01543
Exploits: 7

0day.today
added 2020/11/21 12:0 a.m. | 124 views

Barco wePresent WiPG-1600W Global Hardcoded Root SSH Password Vulnerability

Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image. Title: Barco wePresent Global Hardcoded Root SSH Password Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-008.txt 1...

CVSS 10 | EPSS 0.04708
Exploits: 13

KoreLogic Security
added 2020/11/20 12:0 a.m. | 57 views

Barco wePresent Hardcoded API Credentials

Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID: CVE-2020-28329 2. Vulnerability Description Barco wePresent...

CVSS 9.8 | AI score 7.8 | EPSS 0.01543
Exploits: 7 | Affected Software: 1

Packet Storm
added 2020/11/20 12:0 a.m. | 818 views

Barco wePresent Hardcoded API Credentials

KL-001-2020-004 : Barco wePresent Hardcoded API Credentials Title: Barco wePresent Hardcoded API Credentials Advisory ID: KL-001-2020-004 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-004.txt 1. Vulnerability Details Affected Vendor: Barco...

AI score 8.1 | EPSS 0.01543
Exploits: 7

KoreLogic Security
added 2020/11/20 12:0 a.m. | 46 views

Barco wePresent Global Hardcoded Root SSH Password

Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID: CVE-2020-28334 2. Vulnerability Description The Barco wePresent...

CVSS 10 | AI score 7.9 | EPSS 0.04708
Exploits: 10 | Affected Software: 1

OSV
added 2020/10/27 5:15 a.m. | 3 views

CVE-2020-27181

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

CVSS 6.5 | AI score 5.8 | EPSS 0.0093
Exploits: 0 | References: 2

Prion
added 2020/10/27 5:15 a.m. | 12 views

Hardcoded credentials

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

CVSS 6.4 | AI score 6.4 | EPSS 0.0093
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2020/10/27 5:15 a.m. | 3 views

CVE-2020-27181

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

CVSS 6.5 | AI score 5.3 | EPSS 0.0093
Exploits: 0 | References: 3

Packet Storm
added 2020/10/27 12:0 a.m. | 345 views

Adtec Digital Products Hardcoded Credentials / Remote Root

Exploit Title: Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root Date: 2020-07-24 Exploit Author: LiquidWorm Software Link: https://www.adtecdigital.com / https://www.adtecdigital.com/support/documents-downloads Version: Multiple Adtec Digital Multiple Products - Default...

AI score 7.4
Exploits: 0

0day.today
added 2020/10/27 12:0 a.m. | 44 views

Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root Vulnerability

Exploit Title: Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root Date: 2020-07-24 Exploit Author: LiquidWorm Software Link: https://www.adtecdigital.com / https://www.adtecdigital.com/support/documents-downloads Version: Multiple Adtec Digital Multiple Products - Default...

AI score 7.1
Exploits: 0

Prion
added 2020/10/26 8:15 p.m. | 19 views

Hardcoded credentials

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validatetoken.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header...

CVSS 10 | AI score 9.4 | EPSS 0.42479
Exploits: 1 | References: 6 | Affected Software: 1

Zero Science Lab
added 2020/10/26 12:0 a.m. | 198 views

Adtec Digital Multiple Products Default/Hardcoded Credentials Remote Root

Summary: Adtec Digital is a leading manufacturer of Broadcast, Cable and IPTV products and solutions. Description: The devices utilize hard-coded and default credentials within their Linux distribution image for Web/Telnet/SSH access. A remote attacker could exploit this vulnerability by logging in...

CVSS 8.7 | AI score 7.3 | EPSS 0.0033
Exploits: 1