CVE-2020-12039

Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration value...

CVE-2020-12039

Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration value...

Hardcoded credentials

Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials f...

Hardcoded credentials

Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...

Hardcoded credentials

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings...

Hardcoded credentials

The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24 when used in conjunction with a Baxter Spectrum v8.x model 35700BAX2, operates a Telnet service on Port 1023 with hard-coded credentials...

Hardcoded credentials

Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account...

CVE-2020-12039

CVE-2020-12039 affects Baxter Sigma Spectrum Infusion System v6.x (35700BAX) and v8.x (35700BAX2); hard-coded passwords entered via keypad grant access to biomedical menus, including device settings, calibration values, and WBM network configuration. This is a local/physical-access issue with pub...

CVE-2020-12039

Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration value...

Cellebrite EPR Decryption Relies on Hardcoded AES Key Material

Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.5.0.845 Platform: Embedded Windows CWE Classification: CWE-321: Hardcoded Use of Cryptography Keys CVE ID: CVE-2020-14474 2. Vulnerability Description The Cellebrite UFED Physical device relies on...

CVE-2020-15340

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/defaultaxess/axess/TR69/Handlers/turbolink/sshkeys/idrsa SSH key...

CVE-2020-15340

Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 are affected by a hardcoded SSH key located at opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa. The issue arises from embedding credentials used in TR-069 handling, enabling potential unauthorized access if exploite...

CVE-2020-15347

The CVE concerns Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 where the axiros account uses a hardcoded password (q6xV4aW8bQ4cfD-b), enabling remote attackers to obtain full access to affected devices. Root cause: insufficient credential protection in the SecuManager software leads to cred...

CVE-2020-15326

CVE-2020-15326 affects Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1. The root cause is a hardcoded Ejabberd certificate stored in the ejabberd.pem file, creating a trust-management weakness. Public sources in the connected documents consistently describe this issue as a hardcoded certifica...

CVE-2020-15326

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem...

CVE-2020-15330

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APPKEY in /opt/axess/etc/default/axess...

CVE-2020-15330

Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 contain a hardcoded APP_KEY in /opt/axess/etc/default/axess. This root cause enables potential unauthorized access or abuse tied to the fixed key, as described in multiple sources. The vulnerability affects the software right in the stated versi...

CVE-2020-15331

Zyxel CloudCNM SecuManager 3.1.0–3.1.1 is affected by a hardcoded OAUTH_SECRET_KEY located at /opt/axess/etc/default/axess. The vulnerability stems from embedding a static secret, enabling potential unauthorized access if the key is exposed. Connected documents confirm the affected software and p...

PT-2020-6772 · Zyxel · Zyxel Cloudcnm Secumanager

Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue is related to a hardcoded Erlang cookie for ejabberd replication in Zyxel CloudCNM SecuManager. Additionally, there is a problem with unencrypted storage of...

PT-2020-14366 · Zyxel · Zyxel Cloudcnm Secumanager

Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue concerns a hardcoded APP KEY located in the /opt/axess/etc/default/axess file. Recommendations: For versions 3.1.0 and 3.1.1, consider removing or modifying the...