7553 matches found
ZyXEL PK5001Z Modem - Backdoor Account
Exploit Title: ZyXEL PK5001Z Modem - CenturyLink Hardcoded admin and root Telnet Password. Google Dork: n/a Date: 2017-10-31 Exploit Author: Matthew Sheimo Vendor Homepage: https://www.zyxel.com/ Software Link: n/a Version: PK5001Z 2.6.20.19 Tested on: Linux About: ZyXEL PK5001Z Modem is used by...
CVE-2017-15582
In net.MCrypt in the "Diary with lock" aka WriteDiary application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries...
Hardcoded credentials
In net.MCrypt in the "Diary with lock" aka WriteDiary application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries...
CVE-2017-15582
The CVE-2017-15582 entry concerns the Android app Diary with lock (WriteDiary) v4.72, where the AES parameters are compromised by hardcoded SecretKey and IV in net.MCrypt. This root cause enables attackers to potentially obtain cleartext of stored diary entries. The provided connected documents c...
CVE-2017-15909
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access...
Hardcoded credentials
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access...
CVE-2017-15909
The CVE-2017-15909 entry applies to D-Link DGS-1500 Ax switches with versions before 2.51B021, which contain a hardcoded password enabling remote shell access. The RCE/unauthorized access stems from credential hardcoding in the device firmware, allowing an attacker to obtain shell access without ...
PT-2017-14278 · D Link · D-Link Dgs-1500
Name of the Vulnerable Software and Affected Versions: D-Link DGS-1500 Ax versions prior to 2.51B021 Description: The issue allows remote attackers to obtain shell access due to a hardcoded password. Recommendations: For versions prior to 2.51B021, update to version 2.51B021 or later to resolve t...
DUHK Attack Exposes Gaps in FIPS Certification
Despite the obligatory logo and clever name, this week’s assault on crypto, the so-called DUHK attack (Don’t Use Hardcoded Keys), isn’t likely to be part of many threat models. Though the attack can be used to passively decrypt VPN and encrypted browser traffic, it relies on a host of implementatio...
My Verisure - Customized SSL, Hardcoded secrets, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application My Verisure published at the 'play' market has multiple vulnerabilities...
Kaltura Remote PHP Code Execution over Cookie
This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hardcoded cookie secret, which allows arbitrary cookie data to be signed. After passing...
Hardcoded credentials
The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and ha...
Hardcoded credentials
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another...
CVE-2015-6358
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another...
Hardcoded credentials
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage...
CVE-2017-12860
The Epson "EasyMP" software is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen, ensuring only those who can view it are streaming. In addition to the password, each projector has a hardcoded...