Hardcoded credentials

WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote...

CVE-2017-8226

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a...

Hardcoded credentials

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a...

CVE-2017-8226

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a...

CVE-2017-8415

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the use...

Hardcoded credentials

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the use...

CVE-2017-8415

Affected devices: D-Link DCS-1100 and DCS-1130. The vulnerability stems from a hardcoded credential mechanism used by a custom telnet daemon (part of BusyBox) where the password check uses a salted hash of the string "admin" stored in /etc/shadow on a CRAM-FS filesystem. Because the filesystem is...

Hardcoded credentials

Linear eMerge E3-Series devices have Hard-coded Credentials...

Hardcoded credentials

Optergy Proton/Enterprise devices have Hard-coded Credentials...

Hardcoded credentials

Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page...

Design/Logic Flaw

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...

CVE-2019-7225

The CVE-2019-7225 issue affects ABB HMI components by embedding hidden administrative accounts (IdalMaster with password idal123 and exor with password exor) used during provisioning to flash interfaces and map Tags via Panel Builder 600. Credentials are usable over HTTP(S) and FTP, with no optio...

CVE-2019-7227

In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor ...

Hardcoded credentials

In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor ...

CVE-2019-7227

In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor ...

ABB HMI Hardcoded Credentials File Read Vulnerability

ABB PB610 is a software from ABB Switzerland for designing graphical user interfaces for the CP600 control panel platform. A file read vulnerability exists in ABB HMI Hardcoded Credentials, which can be exploited by an attacker to read or write to the HMI configuration file and reset the device...

Ubuntu 16.04 LTS : web2py vulnerabilities (USN-4030-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4030-1 advisory. It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform...

USN-4030-1 web2py vulnerabilities

It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. CVE-2016-10321 It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could...

CVE-2019-12920

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt...

Hardcoded credentials

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt...