26 matches found
EUVD-2025-35944
Missing Initial Password Change. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12285
Missing Initial Password Change. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12285
The CVE-2025-12285 entry concerns Azure Access Technology BLU-IC2 and BLU-IC4 (through 1.19.5) with a missing initial password change. Connected sources confirm affected devices are networked access controllers from BLU-IC2/BLU-IC4 lines, and that the issue stems from not changing the initial def...
CVE-2025-12285 Missing Initial Password Change
Missing Initial Password Change. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a missing initial password...
EUVD-2000-0092
Malware in sbrugna...
EUVD-2021-2430
Malware in sbrugna...
Multiple Brother and its OEM products with weak initial administrator passwords
Overview: Multiple products provided by BROTHER INDUSTRIES, LTD and other OEM vendors are set up with weak initial administrator passwords, which can be derived from their serial numbers. This is reported by Rapid7, and treated on JVNVU90043828, CVE-2024-51978. Brother states that 1 serial numbers...
CVE-2025-43799
CVE-2025-43799 affects Liferay Portal 7.4.0–7.4.3.111 (and older unsupported versions) and Liferay DXP 2023.Q4.0, 2023.Q3.1–3.4, 7.4 GA up to update 92, and 7.3 GA up to update 35. The issue: APIs may be accessible before a user changes their initial password, allowing remote users to access and ...
Multiple SEIKO EPSON products use weak initial passwords
Overview: Multiple SEIKO EPSON products contain the following vulnerability: use of weak credentials (CWE-1391), CVE-2025-35970. The initial administrator password is easy to guess from the information available via SNMP. SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify user...
Insecure initial password configuration issue in SEIKO EPSON Web Config
Overview: Web Config is software that allows users to check the status and change the settings of SEIKO EPSON products, e.g., printers and scanners, via a web browser. In the initial setting no administrative password is set, and when a user connects the device and configures Web Config settings f...
PT-2024-32506 · Seiko Epson · Seiko Epson Web Config
Name of the Vulnerable Software and Affected Versions: SEIKO EPSON Web Config (affected versions not specified). Description: The issue is related to an insecure initial password configuration in SEIKO EPSON Web Config, allowing a remote unauthenticated attacker to set an arbitrary password and...
SEIKO EPSON Web Config Security Vulnerability
SEIKO EPSON Web Config is a web configuration page from SEIKO Japan. A security vulnerability exists in SEIKO EPSON Web Config that stems from an insecure initial password configuration...
Rocket.Chat: The initial E2EE password generated by Rocket.Chat mobile can be recovered in a practical timescale.
The initial E2EE password generated by Rocket.Chat mobile prior to version 4.5.1 was found to have insufficient entropy, allowing it to be recovered in a practical timescale by an attacker...
Gradle Security Vulnerabilities
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports Maven, Ivy repositories, and more. A security vulnerability exists in Gradle Enterprise versions prior to 2023.1, which stems from an initial system user password that is not unique and could allow a remote attack...
CVE-2023-31459
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password...
PT-2022-21212 · Zimbra · Zimbra Collaboration Open Source
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Open Source version 8.8.15. Description: The issue concerns the lack of encryption for the initial-login randomly created password, which is generated by the zmprove ca command. This password is visible in cleartext on por...
PT-2020-12955 · Iqrouter · Iqrouter
Name of the Vulnerable Software and Affected Versions: IQrouter versions 3.3.1 and earlier. Description: The issue allows remote attackers to change the root password arbitrarily using the Lua function diag set password in the web-panel. This can occur on a brand-new network that has not been...
CVE-2019-6696
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage...