CVE-2019-12920

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt...

CVE-2019-12920

Summary: CVE-2019-12920 affects Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4. Vulnerability: devices ship with a hardcoded root password (12345678) accessible from a TELNET prompt, enabling a network attacker to login remotely and gain root access. Root cause: hardcoded credential ...

Hardcoded credentials

The doAirdrop function of a smart contract implementation for Primeo PEO, an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply, which lets the owner of the contract issue an arbitrary amount of currency. Increasing the total...

CVE-2019-12550

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET...

CVE-2019-12549

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key...

CVE-2019-12550

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET...

CVE-2019-12549

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key...

Hardcoded credentials

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key...

Hardcoded credentials

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET...

CVE-2019-12549

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key...

CVE-2019-12550

CVE-2019-12550 affects WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505. The vulnerability is due to use of hard-coded credentials that allow an attacker to log in with root privileges over SSH/TELNET, enabling full OS compromise. Affected firmware branches are: 852-303 before FW0...

CVE-2019-12550

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET...

WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: WAGO 852 Industrial Managed Switch Series vulnerable version: 852-303: v1.2.2.S0 852-1305: v1.1.6.S0 852-1505: v1.1.5.S0 fixed version:...

CVE-2019-2102

In the Bluetooth Low Energy BLE specification, there is a provided example Long Term Key LTK. If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User...

Hardcoded credentials

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocaterevB scripts copies the hardcoded key to...

PT-2019-16194 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions 7.0 through 9 Description: The issue concerns the improper use of crypto in Bluetooth Low Energy BLE devices, specifically when a hardcoded Long Term Key LTK is used. This could theoretically allow a proximate attacker to...

HPE Intelligent Management Center (IMC) Hardcoded Credentials Remote Code Execution Vulnerability

HPE Intelligent Management Center IMC is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security FCAPS model. HPE Intelligent Management Center IMC 7.3 E0506P09 and earlier versions have a dbman use of hardcoded...

Hardcoded credentials

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...

Slick Popup <= 1.7.1 - Privilege Escalation

Subscriber users are able to create an administrator account with hardcoded login credentials. PoC Hardcoded username "slickpopupteam" and its password is OmakPass13...

Slick Popup <= 1.7.1 - Privilege Escalation

Subscriber users are able to create an administrator account with hardcoded login credentials. Hardcoded username "slickpopupteam" and its password is OmakPass13...