17 matches found
HP Printer Weak Password Requirement (CVE-2009-0941)
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...
PT-2026-28644
Name of the Vulnerable Software and Affected Versions: TL-WR850N version 3. Description: The issue allows for the storage of administrative and Wi-Fi credentials in cleartext within a region of the device’s flash memory. The serial interface remains enabled and is protected by weak authentication. A...
EUVD-2021-21857
Malware in sbrugna...
EUVD-2018-3710
Malware in sbrugna...
CVE-2025-54876
The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local clicmd.log file. This is fixed in the nightly prerelease...
CVE-2022-24744
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions, user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3...
CVE-2021-25970
Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate users' active sessions, even after the admin changes the user’s password. A user who was already logged in will still have access to the application even after the password was changed...
D-Link DIR-823G Multiple Vulnerabilities (2023 - 2025)
D-Link DIR-823G devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
CVE-2023-26615
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password...
CVE-2023-26615
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password...
Multiple vulnerabilities in multiple Aterm products
Overview: Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting (CWE-79) - CVE-2021-20680; OS command injection via UPnP (CWE-78) - CVE-2014-8361. CVE-2021-20680: Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this...
Unspecified Vulnerability in ZyXEL GS1900
ZyXEL GS1900 is a managed switch from ZyXEL Taiwan, China. A security vulnerability exists in the Zyxel GS1900 using firmware prior to version 2.50AAHH.0C0. The vulnerability can be exploited by an attacker to obtain the management password...
CVE-2018-11691
Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue, and the patches can be downloaded from...
Netgear device web interface login password disclosure vulnerability
Netgear is a global leader in enterprise networking solutions and a champion of digital home networking applications. A web interface login password disclosure vulnerability exists in several Netgear devices. When password recovery is disabled, an attacker with access to the internal network or...
Rockwell Automation Allen-Bradley MicroLogix PLC authentication and authorization vulnerabilities
Overview: Rockwell Automation Allen-Bradley MicroLogix programmable logic controllers (PLCs) do not adequately authenticate or authorize remote connections or commands. An attacker with network access can obtain the management password or issue commands that bypass the authentication mechanism...
CVE-2009-0941
The CVE-2009-0941 entry concerns the HP Embedded Web Server (EWS) used by HP LaserJet, Edgeline Printers, and Digital Senders. The vulnerability is due to the device exposing an interface with no management password by default, which can enable remote access. According to the NVD entry, this is a...
CVE-2004-0680
The CVE concerns the Zoom X3 ADSL modem: a terminal on port 254 can be accessed using the default HTML management password even if the HTTP interface password was changed, potentially granting remote attackers unauthorized access. No exploitation details are provided in the connected documents.