7555 matches found

Positive Technologies
added 2020/06/26 12:0 a.m. · 4 views

PT-2020-6758 · Zyxel · Zyxel Cloudcnm Secumanager

Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue is related to insufficient protection of credentials in the Zyxel CloudCNM SecuManager software, which can allow a remote attacker to gain full access to devices o...

9.8 CVSS · 9.6 AI score · 0.01296 EPSS
Exploits: 1 · References: 6

0day.today
added 2020/06/26 12:0 a.m. · 155 views

mySCADA myPRO 7 - Hardcoded Credentials Vulnerability

Exploit Title: mySCADA myPRO v7 Hardcoded Credentials Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://myscada.org Software Link: https://www.myscada.org/mypro/ Version: v7.0.45 Tested on: Windows/Linux CVE-2018-11311 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11311...

9.1 CVSS · 9.4 AI score · 0.1593 EPSS
Exploits: 5

Positive Technologies
added 2020/06/26 12:0 a.m. · 4 views

PT-2020-14362 · Zyxel +1 · Zyxel Cloudcnm Secumanager +1

Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue concerns a hardcoded certificate for Ejabberd, which is located in the ejabberd.pem file. Recommendations: For versions 3.1.0 and 3.1.1, consider removing or...

5.3 CVSS · 5.2 AI score · 0.0053 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2020/06/26 12:0 a.m. · 5 views

PT-2020-14367 · Zyxel · Zyxel Cloudcnm Secumanager

Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue concerns a hardcoded OAUTH SECRET KEY located in /opt/axess/etc/default/axess. Recommendations: For versions 3.1.0 and 3.1.1, consider changing the hardcoded OAUTH...

9.8 CVSS · 9.3 AI score · 0.00884 EPSS
Exploits: 1 · References: 3

The Hacker News
added 2020/06/25 10:8 a.m. · 6 views

Critical Bugs and Backdoor Found in GeoVision's Fingerprint and Card Scanners

GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks. In a report...

10 CVSS · 7.6 AI score · 0.00874 EPSS
Exploits: 0

Exploit DB
added 2020/06/25 12:0 a.m. · 688 views

mySCADA myPRO 7 - Hardcoded Credentials

Exploit Title: mySCADA myPRO v7 Hardcoded Credentials Date: 2018-07-02 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://myscada.org Software Link: https://www.myscada.org/mypro/ Version: v7.0.45 Tested on: Windows/Linux CVE-2018-11311 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1131...

9.1 CVSS · 9.4 AI score · 0.1593 EPSS
Exploits: 5

OSV
added 2020/06/24 5:15 a.m. · 1 views

CVE-2020-10270

Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users omitted and passwords omitted. This...

9.8 CVSS · 7 AI score · 0.01656 EPSS
Exploits: 1 · References: 1

Prion
added 2020/06/24 5:15 a.m. · 21 views

Hardcoded credentials

Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users omitted and passwords omitted. This...

5 CVSS · 7.4 AI score · 0.01656 EPSS
Exploits: 1 · References: 1 · Affected Software: 10

Prion
added 2020/06/24 5:15 a.m. · 14 views

Hardcoded credentials

The password for the safety PLC is the default and thus easy to find in manuals, etc.. This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the las...

7.5 CVSS · 9.6 AI score · 0.01498 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2020/06/24 5:5 a.m. · 26 views

CVE-2020-10269 RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Point

One of the wireless interfaces within MiR100, MiR200 and possibly according to the vendor other MiR fleet vehicles comes pre-configured in WiFi Master Access Point mode. Credentials to such wireless Access Point default to well known and widely spread SSID MiRRXXXX and passwords omitted. This...

9.8 CVSS · 9.4 AI score · 0.01374 EPSS
Exploits: 0 · References: 1

CVE
added 2020/06/24 4:50 a.m. · 60 views

CVE-2020-10270

CVE-2020-10270 affects MiR robotic fleet (MiR100/MiR200, potentially others) where the Control Dashboard is reachable on a hardcoded IP via wired/wireless interfaces. The flaw enables control of the robot through default, widely known credentials, as documented in past guides, and may be extended...

9.8 CVSS · 7.2 AI score · 0.01656 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2020/06/24 4:50 a.m. · 29 views

CVE-2020-10270 RVD#2557: Hardcoded Credentials on MiRX00 Control Dashboard

Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users omitted and passwords omitted. This...

9.8 CVSS · 7.3 AI score · 0.01656 EPSS
Exploits: 1 · References: 1

Prion
added 2020/06/16 9:15 p.m. · 21 views

Hardcoded credentials

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

5 CVSS · 7.6 AI score · 0.02239 EPSS
Exploits: 1 · References: 1 · Affected Software: 2

NVD
added 2020/06/12 9:15 a.m. · 17 views

CVE-2020-3928

GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices...

10 CVSS · 0.00874 EPSS
Exploits: 0 · References: 1

OSV
added 2020/06/12 9:15 a.m. · 4 views

CVE-2020-3928

GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices...

9.8 CVSS · 7.5 AI score · 0.00874 EPSS
Exploits: 0 · References: 1

Prion
added 2020/06/12 9:15 a.m. · 13 views

Hardcoded credentials

GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices...

10 CVSS · 9.4 AI score · 0.00874 EPSS
Exploits: 0 · References: 1 · Affected Software: 5

CVE
added 2020/06/12 8:25 a.m. · 50 views

CVE-2020-3928

GeoVision Door Access Control device family is affected by CVE-2020-3928 due to a hardcoded root password shared across devices, enabling unauthorized access. The Hacker News report also notes additional issues tied to the same disclosures: hardcoded SSH private keys, unauthenticated access to de...

10 CVSS · 8 AI score · 0.00874 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2020/06/12 8:25 a.m. · 22 views

CVE-2020-3928 GeoVision Door Access Control Device - Hardcoded privileged password

GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices...

6.2 CVSS · 9.6 AI score · 0.00874 EPSS
Exploits: 0 · References: 1

Prion
added 2020/06/10 9:15 p.m. · 18 views

Hardcoded credentials

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS...

7.2 CVSS · 6.6 AI score · 0.00328 EPSS
Exploits: 0 · References: 1 · Affected Software: 18

OSV
added 2020/06/09 7:15 p.m. · 4 views

CVE-2020-6265

SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce Data Hub, versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials...

9.8 CVSS · 7.2 AI score · 0.0136 EPSS
Exploits: 0 · References: 2