CVE-2020-37092 Netis E1+ 1.2.32533 - Backdoor Account (root)
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device...
CVE-2020-37092
CVE-2020-37092 affects Netis E1+ devices with firmware 1.2.32533, where a hardcoded root account allows unauthenticated attackers to gain full administrative access via a predefined crackable password. This vulnerability enables remote compromise with network access and is supported by multiple s...
CVE-2019-25254 KYOCERA Net Admin 3.4.0906 Cross-Site Request Forgery via User Administration
KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when...
CVE-2018-25138 FLIR AX8 Thermal Camera 1.32.16 Hard-Coded Credentials Authentication Bypass
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...
PT-2025-53340
Name of the Vulnerable Software and Affected Versions: KYOCERA Net Admin version 3.4.0906 Description: The software contains a cross-site request forgery condition that permits attackers to create administrative users without sufficient request validation. An attacker can construct malicious web...
PT-2024-3625 · GE HealthCare · GE HealthCare EchoPAC
Name of the Vulnerable Software and Affected Versions: GE HealthCare EchoPAC affected versions not specified Description: The issue is related to the use of predefined credentials in the software. Exploitation of this issue may allow a remote attacker to elevate privileges and execute arbitrary...
UBUNTU-CVE-2022-40626
An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...
PT-2014-1991 · Trane · Trane ComfortLink II
Name of the Vulnerable Software and Affected Versions: Trane ComfortLink II SCC firmware version 2.0.2 Description: The issue is related to a design flaw in the service that allows remote attackers to gain complete control of the system. It is also associated with the exploitation of predefined...