7555 matches found
CVE-2019-20025
Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privileg...
Hardcoded credentials
Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privileg...
CVE-2019-20025
Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privileg...
CVE-2019-20025
NEC SV9100 PBX is affected (software release 6.0 and later). The root cause is an undocumented user account with manufacturer privileges, enabling an unauthenticated, remote attacker to log in using a hardcoded username/password. Impact per sources: attacker could remotely log in with manufacture...
Hardcoded credentials
An issue was discovered in Pulse Policy Secure PPS and Pulse Connect Secure PCS Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and...
Easergy Builder Hardcoded Encryption Key Plaintext Storage Vulnerability
Schneider Electric Easergy Builder is a set of configuration software for Easergy remote terminal units and controllers from Schneider Electric, France. A security vulnerability exists in Schneider Electric Easergy Builder version 1.4.7.2 and prior versions. An attacker could exploit the...
IBM Verify Gateway (IVG) Hardcoded Credentials Vulnerability
IBM Verify Gateway IVG is a cloud-based authentication solution from IBM in the United States. A hard-coded credentials vulnerability exists in IBM Verify Gateway IVG. An attacker could exploit the vulnerability to obtain credentials such as passwords or encryption keys...
Hardcoded credentials
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2020-10287 RVD#3326: Hardcoded default credentials on IRC 5 OPC Server
The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default...
PT-2020-3116 · Cisco · Cisco Sd-Wan Solution
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Solution Software affected versions not specified Description: The issue is related to the use of hardcoded credentials in the Cisco SD-WAN solution. An unauthenticated, local attacker could access an affected device by using an...
V-SOL OLTs Backdoor / Privilege Escalation
Hello, Please find a text-only version below sent to security mailing lists. The complete version on "Multiple vulnerabilities found in V-SOL OLTs" is posted here: https://pierrekim.github.io/blog/2020-07-14-v-sol-olt-0day-vulnerabilities.html === text-version of the advisory === -----BEGIN PGP...
CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure Vulnerabilities
Various CDATA OLTs suffer from backdoor access with telnet, credential leaks, shell escape with root privileges, denial of service, and weak encryption algorithm vulnerabilities. Advisory Information Title: Multiple vulnerabilities found in CDATA OLTs Advisory URL:...
CVE-2020-14474
The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...
CVE-2020-14474
The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...
Hardcoded credentials
The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...
CVE-2020-14474
CVE-2020-14474 affects Cellebrite UFED 5.0–7.5.0.845. The vulnerability arises from hardcoded AES key material used for decryption, present both in executable code and in encrypted headers/files via a key enveloping technique. The recovered key material is identical across devices of the same sof...
Cellebrite EPR Decryption Hardcoded AES Key Material
KL-001-2020-003 : Cellebrite EPR Decryption Relies on Hardcoded AES Key Material Title: Cellebrite EPR Decryption Relies on Hardcoded AES Key Material Advisory ID: KL-001-2020-003 Publication Date: 2020.06.29 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-003.txt 1...
ZyXEL CloudCNM SecuManager Trust Management Issues Vulnerability
ZyXEL CloudCNM SecuManager is a set of network management software from Taiwan, China-based ZyXEL. The software supports centralized control, device management and intelligent monitoring. A trust management issue vulnerability exists in ZyXEL CloudCNM SecuManager version 3.1.0 and 3.1.1. The...
ZyXEL CloudCNM SecuManager Trust Management Issues Vulnerability
ZyXEL CloudCNM SecuManager is a set of network management software from Taiwan, China-based ZyXEL. The software supports centralized control, device management and intelligent monitoring. A trust management issue vulnerability exists in ZyXEL CloudCNM SecuManager version 3.1.0 and 3.1.1, which...
Cellebrite EPR Decryption Hardcoded AES Key Material Vulnerability
The Cellebrite UFED Physical device relies on key material hardcoded within both the executable code supporting the decryption process and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of...