197 matches found
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This repository contains Nmap NSE Network Sniffer Engine scripts designed to check for log4shell or LogJam vulnerabilities CVE-2021-44228 in various services. The scripts are written in Lua and are intended to be used with the Nmap network scanning tool. The scripts are categorized into different...
PT-2025-35225
Name of the Vulnerable Software and Affected Versions: AiondaDotCom mcp-ssh versions through 1.0.3 Description: A security flaw exists in AiondaDotCom mcp-ssh related to an unknown functionality within the file server-simple.mjs component. Manipulation of this functionality can lead to remote...
CVE-2025-8731
A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...
CVE-2025-8731 TRENDnet TI-G160i/TI-PG102i/TPL-430AP SSH Service default credentials
A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...
CVE-2025-8731 TRENDnet TI-G160i/TI-PG102i/TPL-430AP SSH Service default credentials
A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...
CVE-2025-43980
An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account...
PT-2025-31964 · Undefined · Undefined
Hi, I run a following script for a vulnerability test for my home network; nmap 192.168.1.1/24 -n -sP |rg -o "192." scan.txt nmap -sV --script vulners --script-args mincvss=7.0 -iL scan.txt Then I get this Vulner output in port 80; Nmap scan report for 192.168.1.5 Host is up 0.00021s latency. Not...
PT-2025-31947 · Firstnum · Firstnum Jc21A-04
Name of the Vulnerable Software and Affected Versions: FIRSTNUM JC21A-04 devices versions through 2.01ME/FN Description: FIRSTNUM JC21A-04 devices enable the SSH service by default with the credentials root/admin. The graphical user interface GUI does not provide a method to disable this account...
CVE-2025-43980
An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account...
CVE-2025-43980
The CVE pertains to FIRSTNUM JC21A-04 devices (versions through 2.01ME/FN). The issue is that SSH is enabled by default and authenticates with root/admin credentials, and the GUI provides no way to disable this account. This creates an environment where remote access could be gained under default...
CVE-2025-24332
Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the baseband capacity board...
CVE-2025-24332
Nokia Single RAN AirScale baseband prior to 23R4-SR 3.0 MP is affected. An authenticated administrative user can move laterally across baseband boards via the internal bsoc SSH over the baseband backplane, using an SSH private key on the baseband system board, without re-authentication. This effe...
CVE-2024-28812
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service on the local management network interface with hardcoded credentials allows attackers to access the appliance operating system with highest privileges via an SSH connection...
CVE-2023-48251
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account...
CVE-2023-39808
N.V.K.INTER CO., LTD. NVK iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service...
CVE-2022-30318
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...
CVE-2019-15017
The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials...
CVE-2019-14326
An issue was discovered in AndyOS Andy versions up to 46.11.113. By default, it starts telnet and ssh ports 22 and 23 with root privileges in the emulated Android system. This can be exploited by remote attackers to gain full access to the device, or by malicious apps installed inside the emulato...
CVE-2025-28202
Incorrect access control in Victure RX1800 ENV1.0.0r12110933 allows attackers to enable SSH and Telnet services without authentication...
CVE-2025-28202
Incorrect access control in Victure RX1800 ENV1.0.0r12110933 allows attackers to enable SSH and Telnet services without authentication...