7553 matches found

0day.today
added 2017/09/17 12:0 a.m. · 55 views

EMC Data Protection Advisor Hardcoded Password Vulnerability

EMC Data Protection Advisor contains undocumented accounts with hard-coded passwords that could potentially be exploited by malicious users to compromise the affected system. Versions 6.3.x and 6.4.x are affected. EMC Data Protection Advisor Hardcoded Password Vulnerability EMC Identifier:...

9.1 AI score · 0.02217 EPSS
Exploits 1
CNVD
added 2017/09/14 12:0 a.m. · 2 views

D-Link DIR-850L REV.A and REV.B Password Disclosure Vulnerability (CNVD-2017-31787)

The D-Link DIR-850L REV.A and REV.B are both wireless router products from AUO D-Link. The security vulnerability in D-Link DIR-850L REV.A and REV.B devices using firmware FW114WWb07h2abbeta1 and prior versions and firmware FW208WWb02 and prior versions stems from the program using the same...

7.5 CVSS · 7.6 AI score · 0.01288 EPSS
Exploits 1 · References 1
Prion
added 2017/09/13 5:29 p.m. · 20 views

Hardcoded credentials

D-Link DIR-850L REV. B with firmware through FW208WWb02 devices have a hardcoded password of wrgac25dlink.2013guidir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session...

10 CVSS · 9.4 AI score · 0.02254 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2017/09/13 5:29 p.m. · 3 views

CVE-2017-14421

D-Link DIR-850L REV. B with firmware through FW208WWb02 devices have a hardcoded password of wrgac25dlink.2013guidir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session...

9.8 CVSS · 5.8 AI score · 0.02254 EPSS
Exploits 1 · References 1
OSV
added 2017/09/13 5:29 p.m. · 1 views

CVE-2017-14422

D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 1
NVD
added 2017/09/13 5:29 p.m. · 25 views

CVE-2017-14422

D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms...

7.5 CVSS · 7.6 AI score · 0.01288 EPSS
Exploits 1 · References 1
Prion
added 2017/09/13 5:29 p.m. · 16 views

Hardcoded credentials

D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices have 0666 /var/etc/hnapasswd permissions...

2.1 CVSS · 7.7 AI score · 0.0034 EPSS
Exploits 1 · References 1 · Affected Software 1
Prion
added 2017/09/13 5:29 p.m. · 17 views

Hardcoded credentials

D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms...

5 CVSS · 7.6 AI score · 0.01288 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2017/09/13 5:0 p.m. · 22 views

CVE-2017-14421

D-Link DIR-850L REV. B with firmware through FW208WWb02 devices have a hardcoded password of wrgac25dlink.2013guidir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session...

9.5 AI score · 0.02254 EPSS
Exploits 1 · References 1
Cvelist
added 2017/09/13 5:0 p.m. · 21 views

CVE-2017-14422

D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms...

8.1 AI score · 0.01288 EPSS
Exploits 1 · References 1
CVE
added 2017/09/13 5:0 p.m. · 64 views

CVE-2017-14421

CVE-2017-14421 affects D-Link DIR-850L Rev. B up to firmware FW208WWb02. It stems from a hardcoded Alphanetworks account password (wrgac25_dlink.2013gui_dir850l), enabling remote attackers to obtain root access via TELNET. Severity is high/critical (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)...

10 CVSS · 9.4 AI score · 0.02254 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2017/09/13 12:0 a.m. · 5 views

PT-2017-13466 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue concerns the use of a hardcoded private key in the /etc/stunnel.key file across different installations,...

7.5 CVSS · 7.5 AI score · 0.01288 EPSS
Exploits 1 · References 2
RedHat Linux
added 2017/09/12 5:9 p.m. · 6 views

instack-undercloud: uses hardcoded /tmp paths

A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files...

6.4 CVSS · 5.8 AI score · 0.00347 EPSS
Exploits 0 · References 4
RedHat Linux
added 2017/09/12 4:58 p.m. · 3 views

instack-undercloud: uses hardcoded /tmp paths

A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files...

6.4 CVSS · 5.8 AI score · 0.00347 EPSS
Exploits 0 · References 4
Positive Technologies
added 2017/09/08 12:0 a.m. · 5 views

PT-2017-2899 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue is related to a hardcoded password for the Alphanetworks account, which is set to wrgac25 dlink.2013gui dir850l upon device reset. This allows remote attackers to obtai...

10 CVSS · 9.2 AI score · 0.02254 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2017/09/08 12:0 a.m. · 40 views

EulerOS 2.0 SP2 : pki-core (EulerOS-SA-2017-1184)

According to the version of the pki-core packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package. An attack...

7.5 CVSS · 6.7 AI score · 0.01458 EPSS
Exploits 1 · References 2
seebug.org
added 2017/09/08 12:0 a.m. · 72 views

Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol

Product Description Dlink is a multinational networking equipment manufacturing corporation. The Dlink 850L is a Wireless AC1200 Dual Band Gigabit "Cloud" Router. Mydlink Cloud Services allow you to access, view and control the devices on your home network from anywhere. Vulnerabilities Summary T...

7.4 AI score
Exploits 0
Prion
added 2017/09/06 9:29 p.m. · 9 views

Hardcoded credentials

Honda Moto LINC 1.6.1 does not verify SSL certificates...

4.3 CVSS · 7.1 AI score · 0.00696 EPSS
Exploits 0 · References 2 · Affected Software 1
Schneier on Security
added 2017/09/06 11:55 a.m. · 23 views

Security Vulnerabilities in AT&T Routers

They're actually Arris routers, sold or given away by AT&T. There are several security vulnerabilities, some of them very serious. They can be fixed, but because these are routers it takes some skill. We don't know how many routers are affected, and estimates range from thousands to 138,000. Amo...

7 AI score
Exploits 0
hackapp
added 2017/09/05 1:40 p.m. · 385 views

Textra SMS - Dangerous filesystem permissions, Hardcoded secrets, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Textra SMS published at the 'play' market has multiple vulnerabilities...

0.9 AI score
Exploits 0 · References 1 · Affected Software 1