CVE-2017-17540

CVE-2017-17540 concerns Fortinet FortiWLC 8.3.3, where a hardcoded account creates unauthorized read/write access via a remote shell. Connected sources corroborate a hardcoded credential issue in FortiWLC 8.3.3 with remote shell access enabling reading/writing capabilities. The exact root cause, ...

Hardcoded credentials

Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql...

CVE-2018-10723

Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql...

CVE-2018-10723

Directus 6.4.9 contains a hardcoded admin password for the Admin account caused by an INSERT in api/schema.sql. Multiple sources (CNVD-2018-09196, NVD CVE-2018-10723, OSV, PRION) describe this as an elevation of privilege/vector involving a hardcoded credential, enabling potential administrator a...

Use of hardcoded credentials for communication between Meru access points and FortiWLC

FortiWLC included two hardcoded accounts which were used by Meru Access Points to report core dumps; these accounts had read/write privileges over various parts of the system. Starting with FortiWLC 7.0.13 and FortiWLC 8.4.0, the accounts are now completely removed and do not persist over firmwar...

Hardcoded credentials

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...

WatchGuard AP100, AP102 and AP200 Hardcoded Credentials Vulnerability

The WatchGuard AP100, AP102 and AP200 are all different series of indoor wireless access point devices from WatchGuard USA. A security vulnerability exists in the WatchGuard AP100, AP102, and AP200 using firmware versions prior to 1.2.9.15 that stems from the program's use of hard-coded...

Hardcoded credentials

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false...

CVE-2018-10575

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false...

CVE-2018-10575

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false...

CVE-2018-10575

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false...

CVE-2018-10575

WatchGuard AP100/ AP102/ AP200 devices with firmware before 1.2.9.15 contain hard-coded credentials for an unprivileged SSH account with a /bin/false shell, enabling pre-auth remote access and potential remote code execution. Public exploit modules (Metasploit-related) reference CVE-2018-10575, a...

SUSE-SU-2018:1102-1 Security update for python-Django

This update for python-Django fixes the following issues: Security issues fixed: - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. bsc1083305 - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters. bsc1083304 - CVE-2017-12794:...

Hardcoded credentials

The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevate...

CVE-2018-10328

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...

CVE-2018-10328

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...

Hardcoded credentials

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...

CVE-2018-10328

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...

CVE-2018-10328

CVE-2018-10328 affects Momentum Axel 720P devices running version 5.1.8. The issue is a hardcoded password for the appagent account, allowing remote attackers to view the RTSP video stream. Documented CVSS: CVSS v3.0 base score 7.4 (HIGH), with ADJACENT network access, no user interaction, and co...

Momentum Axel 720P Information Disclosure Vulnerability

The Momentum Axel 720P is a dual-band HD camera that supports WiFi connectivity. A security vulnerability exists in the Momentum Axel 720P version 5.1.8, which stems from the appagent account using the hardcoded password: streaming.A remote attacker can exploit this vulnerability to view the vide...