CVE-2015-2904

CVE-2015-2904 affects Actiontec GT784WN modems with firmware prior to NCS01-1.0.13, where hard-coded credentials allow remote attackers to obtain root access by connecting to the web management interface. Public documents confirm the vulnerability is tied to root-privilege credential exposure and...

CVE-2015-2907

CVE-2015-2907 concerns the Mobile Devices (MDI) C4 OBD-II dongle family (firmware 2.x–3.4.x). The root cause is hard-coded SSH credentials (username/password) that enable remote attackers to gain access to affected devices. Impact described across sources includes unauthorized remote access; CERT...

CVE-2015-2907

Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...

PT-2015-5968 · Mobile Devices · Mobile Devices C4 Obd-Ii Dongle

Name of the Vulnerable Software and Affected Versions: Mobile Devices aka MDI C4 OBD-II dongles versions 2.x through 3.4.x Description: The issue allows remote attackers to obtain access by leveraging knowledge of the required username and password, due to hardcoded SSH credentials...

CVE-2015-4537

Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive...

Hardcoded credentials

Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive...

CVE-2015-4537

EMC Documentum D2 vulnerability CVE-2015-4537 affects the Lockbox component. If the server lacks the D2.Lockbox file, D2 uses a hardcoded passphrase to encrypt admin tickets, enabling an attacker who can decompile D2 JARs to recover the passphrase and decrypt tickets. Affected products include EM...

CVE-2015-4537

Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive...

Hardcoded credentials

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a 1 SSH or 2 TELNET session...

CVE-2015-2897

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a 1 SSH or 2 TELNET session...

CVE-2015-2897

CVE-2015-2897 affects Sierra Wireless ALEOS on GX, ES, and LS gateways (before 4.4.2). The issue is multiple hard-coded root accounts that are enabled by default and reachable via SSH or TELNET, enabling a remote attacker to gain full administrative control. The CERT/CCE entry notes these credent...

CVE-2013-7405

The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a...

CVE-2010-5307

The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of 1 operator for the root account, 2 adw2.0 for the admin account, and 3 adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcode...

Hardcoded credentials

GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that...

Hardcoded credentials

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system o...

Hardcoded credentials

GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value...

Hardcoded credentials

GE Healthcare Discovery XR656 and XR656 G2 has a password of 1 2getin for the insite user, 2 4$xray for the xruser user, and 3 superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another...

Hardcoded credentials

The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of 1 shared for the shared user and 2 scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default,...

Hardcoded credentials

GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for 1 Telnet and 2 FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value...

Hardcoded credentials

The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a...