
7553 matches found

OSV
added 2017/09/03 7:29 p.m. (2 views)

CVE-2017-14115

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and...

CVSS: 8.1, AI score: 5.8
Exploits: 0, References: 3
CNVD
added 2017/09/01 12:0 a.m. (1 views)

Arris Modems Hardcoded Backdoor Vulnerability (CNVD-2017-24359)

Arris Modems are modems produced by telecom equipment manufacturer Arris, customized for AT&T home users for on-net access. A hard-coded backdoor vulnerability exists in Arris Modems, which have a built-in web server that allows an attacker to access the back-end administration panel through port...

AI score: 6.9
Exploits: 0, References: 1
CNVD
added 2017/09/01 12:0 a.m. (1 views)

Arris Modems Hardcoded Backdoor Vulnerability

Arris Modems are modems produced by telecom equipment manufacturer Arris, customized for AT&T home users for on-net access. Arris Modems are vulnerable to a hard-coded backdoor vulnerability, where the modem has SSH enabled by default and allows Internet connectivity, which can be accessed by an...

AI score: 7.3
Exploits: 0, References: 1
CNVD
added 2017/09/01 12:0 a.m. (0 views)

Arris Modems Hardcoded Backdoor Vulnerability (CNVD-2017-24358)

Arris Modems are modems produced by telecom equipment manufacturer Arris, customized for AT&T home users for on-net access. A hard-coded backdoor vulnerability exists in Arris Modems, which allows an attacker to obtain the device's serial number and use the account password "bdctest/bdctest" to...

AI score: 7
Exploits: 0, References: 1
Tenable Nessus
added 2017/09/01 12:0 a.m. (349 views)

AT&T U-verse Arris Modems NVG589 / NVG599 / 5268AC Multiple Vulnerabilities (SharknATTo)

The remote Arris device's self-reported model is NVG589, NVG599 or 5268AC. It is, therefore, affected by multiple vulnerabilities, including a firewall bypass, multiple instances of hardcoded credentials, privilege escalation, and remote code execution. Note: Nessus has not checked the firmware...

CVSS: 9.3, AI score: 7, EPSS: 0.08024
Exploits: 4, References: 5
ThreatPost
added 2017/08/31 2:58 p.m. (43 views)

Bugs in Arris Modems Distributed by AT&T Vulnerable to Trivial Attacks

Trivially exploitable vulnerabilities have been discovered in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service. It’s unknown yet whether the firmware vulnerabilities were introduced by the OEM or the ISP since AT&T seems ...

Exploits: 0, References: 1
RedHat Linux
added 2017/08/30 1:47 p.m. (6 views)

instack-undercloud: uses hardcoded /tmp paths

A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00347
Exploits: 0, References: 4
Prion
added 2017/08/29 11:29 p.m. (19 views)

Hardcoded credentials

In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read in tsk/img/img_io.c in libtskimg.a...

CVSS: 4.3, AI score: 5.6, EPSS: 0.00739
Exploits: 1, References: 2, Affected Software: 2
Prion
added 2017/08/28 3:29 p.m. (9 views)

Hardcoded credentials

Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02234
Exploits: 1, References: 2, Affected Software: 1
Tenable Nessus
added 2017/08/23 12:0 a.m. (29 views)

Juniper Junos SRX Integrated User Firewall Hardcoded Credentials (JSA10791)

According to its self-reported version and configuration, the remote Juniper Junos device has hardcoded credentials for the Integrated User Firewall (UserFW) services authentication API. An unauthenticated, remote attacker can exploit this to gain administrative access to the device. TRUSTED...

CVSS: 10, AI score: 8.4, EPSS: 0.02697
Exploits: 0, References: 2
CNVD
added 2017/08/21 12:0 a.m. (1 views)

Orange Aliyun OSS credentials suffer from information leakage vulnerability

Orange APP is an erotic community app. AliCloud Object Storage Service, or OSS for short, is a massive, secure and highly reliable cloud storage service provided by AliCloud to the public. There is an information leakage vulnerability in the Orange Aliyun OSS credentials. Th...

AI score: 6.9
Exploits: 0
CNVD
added 2017/08/21 12:0 a.m. (3 views)

Philips' DoseWise Portal Hardcoding Vulnerability

Philips' DoseWise Portal is a web-based reporting and tracking tool for radiation exposure. A hard-coded vulnerability exists in Philips' DoseWise Portal. An attacker exploiting this vulnerability would first require elevated privileges in order for the attacker to access web application back-end...

CVSS: 9.1, AI score: 9.4, EPSS: 0.02328
Exploits: 0, References: 1
Tenable Nessus
added 2017/08/20 12:0 a.m. (9 views)

Hardcoded SSL Certificate Detection

Binary data 7280.pasl...

AI score: 7.3
Exploits: 0
Prion
added 2017/08/05 5:29 p.m. (21 views)

Hardcoded credentials

DISPUTED: An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same...

CVSS: 5, AI score: 7.5, EPSS: 0.01716
Exploits: 0, References: 3
OSV
added 2017/08/04 4:29 p.m. (3 views)

CVE-2017-10818

MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service...

CVSS: 9.8, AI score: 5.8, EPSS: 0.01793
Exploits: 0, References: 2
Prion
added 2017/08/04 4:29 p.m. (12 views)

Hardcoded credentials

MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service...

CVSS: 7.5, AI score: 9.2, EPSS: 0.01793
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2017/08/04 4:0 p.m. (17 views)

CVE-2017-10818

MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service...

AI score: 9.3, EPSS: 0.01793
Exploits: 0, References: 2
OpenVAS
added 2017/08/04 12:0 a.m. (29 views)

RedHat Update for pki-core RHSA-2017:2335-01

The remote host is missing an update for the...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01458
Exploits: 1, References: 2
ThreatPost
added 2017/08/03 7:0 a.m. (17 views)

Two Popular IP Cameras Riddled With Vulnerabilities

Two consumer-grade IP-enabled security cameras manufactured by Loftek and VStartcam are riddled with nearly two dozen vulnerabilities that expose them to remote attacks. According to researchers, more than 1.3 million of the cameras are in use today, with 200,000 models located in the United...

AI score: 7.7
Exploits: 0, References: 1
OSV
added 2017/08/02 4:29 p.m. (3 views)

CVE-2017-2283

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

CVSS: 8, AI score: 6.1, EPSS: 0.00629
Exploits: 0, References: 2