7548 matches found
CVE-2016-1984
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a 1 SSH or 2 HTTP session, a different vulnerability than CVE-2015-8362...
CVE-2015-6412
Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded 1 root and 2 guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070...
CVE-2015-6412
In Cisco Modular Encoding Platform D9036 Software prior to 02.04.70, hard-coded root and guest passwords allow remote SSH access as described in multiple sources (Cisco advisory cisco-sa-20160120-d9036; CNVD-2016-00773; NVD CVE-2015-6412). The root cause is default credentials that cannot be chan...
CVE-2015-8362
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a 1 SSH or 2 HTTP session, a different vulnerability than CVE-2016-1984...
CVE-2016-1984
The CVE-2016-1984 issue concerns Harman AMX devices where the setUpSubtleUserAccount function in /bin/bw uses a hard-coded 1MB@tMaN password (and related 1.4.x hard-coded 1MB@tMaN on certain builds), enabling remote access via SSH or HTTP. Affected firmware lines include 1.4.65 through 1.4.72, wi...
CVE-2015-8362
CVE-2015-8362 affects Harman AMX devices (various NetLinx controllers, Massio MCP-10x, Enova DGX/DVX lines, NI/NX series, ME260/64, etc.) where the setUpSubtleUserAccount function in /bin/bw uses a hard-coded BlackWidow diagnostic account password. This creates remote-access risk via SSH or HTTP ...
CVE-2016-1909
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the FortimanagerAccess account, which allows...
Hardcoded credentials
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the FortimanagerAccess account, which allows...
CVE-2016-1909
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the FortimanagerAccess account, which allows...
CVE-2016-1909
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the FortimanagerAccess account, which allows...
PT-2016-33: Privilege Gaining in Siemens SICAM PAS
The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Siemens SICAM PAS. SICAM PAS has a factory account with hardcoded passwords, which allows attackers to gain privileged access to the database via TCP port 2638. How to fix Update your software up to...
PT-2016-1104
Name of the Vulnerable Software and Affected Versions FortiAnalyzer versions 5.0.0 through 5.0.11 FortiAnalyzer versions 5.2.x prior to 5.2.5 FortiSwitch versions 3.3.x prior to 3.3.3 FortiCache versions 3.0.x prior to 3.0.8 FortiOS versions 4.1.x prior to 4.1.11 FortiOS versions 4.2.x prior to...
Cisco Patches Hardcoded Password, DoS Vulnerabilities in Software
Cisco patched a handful of issues across its software line this week, including two critical vulnerabilities that could lead to the complete compromise of any devices running the software, and a hardcoded password that exists in some access points made by the company. According to security...
FingerTec Fingerprint Reader - Remote Access and Remote Enrolment
Exploit Title: Default Root Password and Remote Enrollment on FingerTec Devices Date: 12-01-2016 Exploit Author: Daniel Lawson Contact: http://twitter.com/fang0654 Website: https://digital-panther.com Category: physical access control 1. Description Almost all FingerTec Access Control devices are...
FingerTec Fingerprint Reader - Remote Access and Remote Enrolment
FingerTec Fingerprint Reader - Remote Access and Remote Enrolment Exploit Title: Default Root Password and Remote Enrollment on FingerTec Devices Date: 12-01-2016 Exploit Author: Daniel Lawson Contact: http://twitter.com/fang0654 Website: https://digital-panther.com Category: physical access...
FingerTec Default Root Password / Remote Enrollment
Exploit Title: Default Root Password and Remote Enrollment on FingerTec Devices Date: 12-01-2016 Exploit Author: Daniel Lawson Contact: http://twitter.com/fang0654 Website: https://digital-panther.com Category: physical access control 1. Description Almost all FingerTec Access Control devices are...
SedSystems D3 Decimator - Multiple Vulnerabilities
SedSystems D3 Decimator - Multiple Vulnerabilities SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to this...
SedSystems D3 Decimator - Multiple Vulnerabilities
SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to this device it will announce itself with "connected" or...
Potential backdoor via hardcoded system ID
Application: SAP NetWeaver AS ABAP Vendor URL: http://sap.com Bugs: Hardcoded credentials Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 10.05.2016 Reference: SAP Security Note 2292487 Author: Vahagn VardanyanERPScan VULNERABILITY INFORMATION Class: Hardcoded credential...
CVE-2015-7251
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session...