14864 matches found
Eaton Power Xpert Meter Use of Hard-coded Credentials (CVE-2018-16158)
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins to uid 0 via the PubkeyAuthentication...
Nokia ASIKA 7.13.52 - Hard-coded private key disclosure
// Exploit Title: Nokia ASIKA 7.13.52 - Hard-coded private key disclosure // Date: 2023-06-20 // Exploit Author: Amirhossein Bahramizadeh // Category : Hardware // Vendor Homepage: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25187/ // Version: 7.13.52...
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet
Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. "The Diicot name is significant, as it's also the name of the Romanian organized crime...
CVE-2023-25187
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change factory-time installed default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server disable...
Default credentials
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change factory-time installed default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server disable...
PT-2023-19968 · Nokia · Nokia Airscale Asika Single Ran
Name of the Vulnerable Software and Affected Versions: NOKIA Airscale ASIKA Single RAN devices versions prior to 21B Description: An issue was discovered where Nokia Single RAN commissioning procedures do not change the default SSH public/private key values that are specific to a network operator...
CVE-2023-25187
CVE-2023-25187 affects Nokia Airscale ASIKA Single RAN devices pre-21B. The issue stems from factory-time default SSH keys tied to the operator not being changed during commissioning, allowing potential MITM of the BTS service user accessed during troubleshooting when SSH is enabled. Several sour...
Debian dla-3455 : golang-golang-x-crypto-dev - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3455 advisory. Debian LTS Advisory DLA-3455-1...
New Diicot Threat Group Targets SSH Servers with Brute-Force Malware
By Waqas. Diicot, previously known as Mexals, is a relatively new threat group that possesses extensive technical knowledge and has a broad range of objectives. This is a post from HackRead.com.
CVE-2023-28175
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request...
Authorization
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request...
CVE-2023-28175
CVE-2023-28175 concerns Bosch VMS, where the SSH server permits a remote authenticated user to access resources on the trusted internal network via a port forwarding request due to improper authorization. Affected products are Bosch VMS versions 11.0, 11.1.0, and 11.1.1. The CVE entry is corrobor...
Huawei EulerOS: Security Advisory for tigervnc (EulerOS-SA-2023-2176)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP5 : tigervnc (EulerOS-SA-2023-2176)
According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory,...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2188)
The remote host is missing an update for the Huawei EulerOS...