CVE-2017-2280

WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

CVE-2017-2283

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

Hardcoded credentials

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

CVE-2017-2283

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

CVE-2017-2280

WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device...

CVE-2017-2280

The CVE-2017-2280 entry affects I-O DATA WN-AX1167GR devices with firmware 3.00 and earlier. The root cause is hardcoded credentials embedded in the firmware, which may allow an attacker who can access the device to execute arbitrary code on the device. Documented impact is that an authenticated ...

CVE-2017-2283

CVE-2017-2283 affects I-O DATA WN-G300R3 (and WN-G300R31) wireless routers. Firmware 1.0.2 and earlier contains hard-coded credentials (CWE-798), which may allow an attacker with network access to the device to execute arbitrary code. Affected devices and impact are documented in multiple sources...

Legislation Proposed to Secure Connected IoT Devices

A Senate bill introduced today would prioritize security in connected devices, requiring providers who sell to the U.S. government to implement measures that would have been an impediment to the IoT botnet-fueled attacks against DNS provider Dyn and webhost OVH. The Internet of Things Cybersecuri...

Hardcoded credentials

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user...

pki-core: mock CMC authentication plugin with hardcoded secret enabled by default

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...

Cisco DPC3939 and DPC3941T Comcast Firmware Hardcoding Vulnerability

The Cisco DPC3939 and DPC3941T are both wireless voice gateway products from Cisco USA. comcast is a set of firmware developed by Comcast USA that runs in devices such as gateways and modems. A security vulnerability exists in the Comcast firmware in the Cisco DPC3939 using the...

Hardcoded credentials

MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensiti...

Hardcoded credentials

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST and DPC3941T firmware version DPC39412.5s3PRODsey devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded...

CVE-2017-9488

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST and DPC3941T firmware version DPC39412.5s3PRODsey devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded...

MEDHOST Connex Hardcoded Password

CVE-2017-11743 Overview ------------ MEDHOST Connex contains a hard-coded Mirth Connect admin password in all versions. This is a new vulnerability not related to CVE-2016-4328, CVE-2017-11614, CVE-2017-11693 or CVE-2017-11694. Description ------------ MEDHOST Connex contains a hard-coded Mirth...

I-O DATA DEVICE WN-G300R3 Hardcoded Credential Vulnerability

The I-O DATA DEVICE WN-G300R3 is a wireless router device from I-O DATA DEVICE Japan. A hard-coded credentials vulnerability exists in the I-O DATA DEVICE WN-G300R3 using firmware version 1.0.2 and earlier, which stems from the program's use of hard-coded credentials. An attacker could exploit th...

MEDHOST Document Management System Hardcoded Credentials

MEDHOST Document Management System contains multiple hard-coded credentials CVE-2017-11693 & CVE-2017-11694 Overview ------------ Medhost Document Management system for all versions contains hard-coded credentials used for customer database and Apache Solr access. This is a new vulnerability not...

CVE-2016-10401

CVE-2016-10401 affects ZyXEL PK5001Z (and related modems) with a hardcoded/backup root credential setup. Multiple connected sources confirm an authentication bypass/remote admin access vector: default telnet/root credentials (example: zyad5001) allow a user with knowledge of a non-root account pa...

Hardcoded credentials

A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges...

BharatMatrimony - Matrimonial - Customized SSL, Hardcoded secrets, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application BharatMatrimony - Matrimonial published at the 'play' market has multiple vulnerabilities...