49 matches found
Silex SD-330AC和Silex AMC Manager 安全漏洞
Both the Silex SD-330AC and the Silex AMC Manager are products of the Japanese company Silex. The Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. The Silex AMC Manager is a management software used for centralized management...
CVE-2026-24429
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to gain authenticated acce...
CVE-2025-65010
WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...
CVE-2025-65010
WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...
CVE-2025-65010 Missing authorizations for admin panel password change in WODESYS WD-R608U router
WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...
CVE-2025-65010 Missing authorizations for admin panel password change in WODESYS WD-R608U router
WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...
CVE-2025-65010
CVE-2025-65010 (WODESYS WD-R608U router / WDR122B V2.0 / WDR28) is documented with concrete details: multiple Red Hat and NVD entries describe vulnerabilities tied to the WD-R608U platform. Affected issues include Broken Access Control in the initial configuration wizard.cgi endpoint, where an at...
PT-2025-52249
WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...
CVE-2025-64385
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initi...
EUVD-2025-37357
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initi...
CVE-2025-64385 INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initi...
CVE-2025-64385 INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initi...
CVE-2025-64385
CVE-2025-64385 affects Circutor TCPRS1plus. The issue arises when configuring the device via UDP through the manufacturer’s software, where any aspect of the initial configuration can be changed by the device’s MAC address without authentication. The vulnerability is observed in the UDP configura...
PT-2025-44633
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The equipment can be initially configured using the manufacturer's application, Wi-Fi, a web server, or the manufacturer’s software. Configuration via UDP using...
Circutor TCPRS1plus 安全漏洞
Circutor TCPRS1plus is a communication converter from Circutor Spain. A security vulnerability exists in Circutor TCPRS1plus that originates from modifying the initial configuration without authentication when communicating over UDP, which could lead to unauthorized configuration changes...
VulnCheck KEV: CVE-2025-26793
The Web GUI configuration panel of Hirsch formerly Identiv and Viscount Enterphone MESH through 2024 ships with default credentials username freedom, password viscount. The administrator is not prompted to change these credentials on initial configuration, and changing the credentials...
CVE-2022-21194
The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00...
CVE-2020-11967
In IQrouter through 3.3.1, remote attackers can control the device restart network, reboot, upgrade, reset because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2024-0001
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges...
FlashArray 安全漏洞
Pure Storage FlashArray is an all QLC flash storage array from Pure Storage, Inc. A security vulnerability exists in FlashArray that originates from a local account used for initial array configuration remaining active, which could allow a malicious actor to gain elevated privileges...