7553 matches found

KoreLogic Security
added 2017/04/24 12:0 a.m., 554 views

Solarwinds LEM Database Listener with Hardcoded Credentials

Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-284: Improper Access Control Impact: Remote Database Compromise Attack...

7 AI score
Exploits: 0, Affected Software: 1

Packet Storm
added 2017/04/24 12:0 a.m., 39 views

Solarwinds LEM 6.3.1 Hardcoded Credentials

KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials Title: Solarwinds LEM Database Listener with Hardcoded Credentials Advisory ID: KL-001-2017-009 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-009.txt 1...

7.4 AI score
Exploits: 0

KoreLogic Security
added 2017/04/24 12:0 a.m., 515 views

Solarwinds LEM Privilege Escalation via Controlled Sudo Path

Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-281: Improper Preservation of Permissions, CWE-708: Incorrect Ownership Assignment Impact: Privileged Access...

7.6 AI score
Exploits: 0, Affected Software: 1

Prion
added 2017/04/23 4:59 p.m., 15 views

Hardcoded credentials

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware...

5 CVSS, 7.5 AI score, 0.01106 EPSS
Exploits: 1, References: 1, Affected Software: 1

hackapp
added 2017/04/21 2:5 p.m., 14 views

NBA app - Dangerous filesystem permissions, Exported ContentProvider, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application NBA app published at the 'play' market has multiple vulnerabilities...

0.1 AI score
Exploits: 0, References: 1, Affected Software: 1

Talos
added 2017/04/21 12:0 a.m., 42 views

Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability

Talos Vulnerability Report TALOS-2017-0231 Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability April 21, 2017 Report ID CVE-2016-8717 Summary An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The devic...

9.1 AI score, 0.0233 EPSS
Exploits: 1

hackapp
added 2017/04/20 10:31 a.m., 18 views

Toshl Finance Budget & Expense - Base64 encoded String, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Toshl Finance Budget & Expense published at the 'play' market has multiple vulnerabilities...

0.2 AI score
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2017/04/18 12:0 a.m., 0 views

DragonWave Horizon Hardcoded Credentials Vulnerability

DragonWave Horizon is a carrier-grade point-to-point packet microwave system from DragonWave Canada. The system provides the capability to transmit broadband voice, video and data. A security vulnerability exists in DragonWave Horizon version 1.01.03 that originates from the device's use of...

9.8 CVSS, 6.9 AI score, 0.01258 EPSS
Exploits: 0, References: 1

Packet Storm
added 2017/04/14 12:0 a.m., 64 views

SedSystems D3 Decimator Default Credentials / File Disclosure

SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to this device it will announce itself with "connected" or...

Exploits: 0

0day.today
added 2017/04/13 12:0 a.m., 39 views

SedSystems D3 Decimator - Multiple Vulnerabilities

Exploit for multiple platform in category web applications SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to...

7.4 AI score
Exploits: 0

Prion
added 2017/04/10 7:59 p.m., 12 views

Hardcoded credentials

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation...

4.3 CVSS, 8.1 AI score, 0.01682 EPSS
Exploits: 0, References: 1

CVE
added 2017/04/10 7:0 p.m., 55 views

CVE-2017-7648

CVE-2017-7648 concerns Foscam networked devices that reuse the same hardcoded SSL private key across different installations. This root cause enables remote attackers to defeat cryptographic protections by leveraging the known key from another installation, potentially enabling eavesdropping, imp...

8.1 CVSS, 8 AI score, 0.01682 EPSS
Exploits: 0, References: 1, Affected Software: 12

ThreatPost
added 2017/04/10 3:4 p.m., 12 views

Travel Routers, NAS Devices Among Easily Hacked IoT Devices

SINT MAARTEN—A researcher only needed 20 minutes last week to explain just how hopelessly broken some of the more popular Internet of Things devices on the market these days are. Jan Hoersch, an IT security consultant at Securai GmbH, a small pen-testing firm based in Munich, described...

9.3 AI score
Exploits: 0, References: 3

CVE
added 2017/04/10 3:0 a.m., 44 views

CVE-2015-2882

The CVE-2015-2882 entry concerns Philips In.Sight B120/37, a video monitoring device. The documented issue is the presence of multiple default/backdoor credentials (b120root, /ADMIN/, merlin, M100-4674448) for various accounts, which OpenVAS entries also flag as default credentials. Connected CNV...

10 CVSS, 9.6 AI score, 0.01566 EPSS
Exploits: 1, References: 1, Affected Software: 1

Packet Storm
added 2017/04/08 12:0 a.m., 44 views

Foscam Cameras And Network Devices Hardcoded Keys

Two issues in one that nullify SSL in Foscam devices: All Foscam networked cameras use the same SSL private key that is hard coded into the downloadable firmware. This is easily extracted using a utility like binwalk and would allow an attacker to MITM any Foscam device. One device's SSL keys are...

0.8 AI score
Exploits: 0

0day.today
added 2017/04/07 12:0 a.m., 77 views

Intellinet NFC-30IR Camera - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Multiple Vulnerabilities in Intellinet NFC-30IR Network Cameras ADVISORY -------- Title: Local File Inclusion in CGI-SCRIPT & Hard-Coded Manufacturer Backdoor Advisory ID: BITL-17-001 Date published: 2017-04-05 Date of last update:...

7.5 CVSS, 0.3 AI score, 0.12749 EPSS
Exploits: 5

OSV
added 2017/04/06 10:59 p.m., 3 views

CVE-2017-7576

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...

9.8 CVSS, 5.8 AI score, 0.01258 EPSS
Exploits: 0, References: 1

NVD
added 2017/04/06 10:59 p.m., 12 views

CVE-2017-7576

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...

9.8 CVSS, 9.4 AI score, 0.01258 EPSS
Exploits: 0, References: 1

Prion
added 2017/04/06 10:59 p.m., 13 views

Hardcoded credentials

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...

7.5 CVSS, 9.3 AI score, 0.01258 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2017/04/06 10:0 p.m., 19 views

CVE-2017-7576

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...

9.4 AI score, 0.01258 EPSS
Exploits: 0, References: 1