CVE-2018-9195

The CVE-2018-9195 entry describes an information-disclosure MITM vulnerability caused by a hardcoded cryptographic key used in the FortiGuard service communication protocol. Affected products include FortiOS 5.6.x (before 5.6.12) and FortiOS 6.x (before 6.0.8), and FortiClient clients (Windows be...

CVE-2019-6852

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...

Hardcoded credentials

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...

CVE-2019-6852

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...

CVE-2019-6852

CVE-2019-6852 refers to an information-exposure vulnerability affecting Schneider Electric Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules). The issue arises from the controller Web server over an...

Fortinet FortiOS CVE-2019-6693 Hardcoded Cryptographic Key Vulnerability

Description Fortinet FortiOS is prone to a hardcoded cryptographic key vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Versions prior to Fortinet FortiOS 5.6.11, 6.0.7 and 6.2.1 are vulnerable. Technologies Affected Fortinet...

ZyXEL GS1900 Use of Hardcoded Passwords Vulnerability

ZyXEL GS1900 is a managed switch from ZyXEL Taiwan, China. A security vulnerability exists in the Zyxel GS1900 using firmware prior to version 2.50AAHH.0C0. The vulnerability can be exploited by an attacker to decrypt passwords with the help of hard-coded encryption keys...

CVE-2019-15802

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in salutilstrencrypt in libsal.so.0.0. The parameters salt, IV, and key data are used to encrypt and decrypt all passwords using AES256...

CVE-2019-15801

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware,...

Hardcoded credentials

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware,...

Hardcoded credentials

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in salutilstrencrypt in libsal.so.0.0. The parameters salt, IV, and key data are used to encrypt and decrypt all passwords using AES256...

Hardcoded credentials

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly...

Hardcoded credentials

Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg24Mhw3...

Hardcoded credentials

Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg24Mhw3...

CVE-2019-18852

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/imagesign or /etc/alphaconfig/imagesign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 for DCN, DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842...

CVE-2019-18852

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/imagesign or /etc/alphaconfig/imagesign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 for DCN, DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842...

CVE-2019-18852

The CVE-2019-18852 entries describe a hardcoded Alphanetworks user account with TELNET access via /etc/config/image_sign or /etc/alpha_config/image_sign, affecting D-Link DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and D...

Hardcoded credentials

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read...

Hardcoded credentials

Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges...

Schneider-electric Quantum Unspecified Vulnerability

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...