Hardcoded credentials

A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admi...

Cradlepoint Router Password Disclosure

Many vulnerabilities in the built-in software of the Cradlepoint Router. 100000 such routers can be seen in the shodan https://www.shodan.io/search?query=cradlepointhttpservice. These vulnerabilities were reported to Cradlepoint in august. A hardcoded password allows you to retrieve sensitive...

CVE-2018-10532

An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70E102.0019 devices. Hardcoded root SSH credentials were discovered to be stored within the "coreapp" binary utilised by the EE router for networking services. An attacker with knowledge of the default password oelinux123 could login to the rout...

CVE-2018-10532

An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70E102.0019 devices. Hardcoded root SSH credentials were discovered to be stored within the "coreapp" binary utilised by the EE router for networking services. An attacker with knowledge of the default password oelinux123 could login to the rout...

Hardcoded credentials

An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70E102.0019 devices. Hardcoded root SSH credentials were discovered to be stored within the "coreapp" binary utilised by the EE router for networking services. An attacker with knowledge of the default password oelinux123 could login to the rout...

CVE-2018-10532

An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70E102.0019 devices. Hardcoded root SSH credentials were discovered to be stored within the "coreapp" binary utilised by the EE router for networking services. An attacker with knowledge of the default password oelinux123 could login to the rout...

CVE-2018-10532

CVE-2018-10532 affects EE 4GEE HH70VB-2BE8GB3 devices running HH70_E1_02.00_19. The vulnerability stems from hardcoded root SSH credentials stored in the core_app binary, allowing an attacker who knows the default password (oelinux123) to log in as root via SSH. This can lead to loss of confident...

CVE-2018-13342

The server API in the Anda app relies on hardcoded credentials...

Hardcoded credentials

The server API in the Anda app relies on hardcoded credentials...

CVE-2018-13342

The server API in the Anda app relies on hardcoded credentials...

CVE-2018-13342

CVE-2018-13342: The Anda app’s server API is vulnerable due to hardcoded credentials in its authentication flow. According to NVD, the CVSS scores are 7.5 (2.0) and 9.8 (3.0), indicating a high/critical impact with network access, no authentication, and full compromise of confidentiality, integri...

Hardcoded credentials

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password...

Hardcoded credentials

NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access...

Hardcoded credentials

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only...

CVE-2018-17440

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials admin, admin. Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any...

Hardcoded credentials

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials admin, admin. Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any...

CVE-2018-17440

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials admin, admin. Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any...

CVE-2018-17440

D-Link Central WiFi Manager (before 1.03r0100-Beta1) is vulnerable to remote code execution via an FTP service listening on port 9000 that uses hardcoded admin/admin credentials. An unauthenticated attacker can upload a PHP file to the web root and access it to execute arbitrary code. Core Securi...

Hardcoded credentials

The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...

Hardcoded credentials

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421...