CVE-2026-28778

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

CVE-2026-29119

IDC SFX Series SuperFlex (SFX2100) SatelliteReceiver has hardcoded insecure admin credentials allowing unauthenticated Telnet access, enabling potential remote compromise. Documented affects IDC SFX2100; no details on affected versions or fixes are provided in the connected sources. Remediation s...

EUVD-2025-203251

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

CVE-2025-36752

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

CVE-2025-36752

CVE-2025-36752 affects Growatt ShineLan-X communication dongle. The vulnerability arises from an undocumented backup account with undocumented credentials, enabling high-privilege access and potentially full control of the device, including the Setting Center. Multiple sources corroborate a backd...

CVE-2025-36752 Undocumented backup Account and No Password Configuration Capability

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

PT-2025-51101

Name of the Vulnerable Software and Affected Versions Growatt ShineLan-X communication dongle affected versions not specified Description The Growatt ShineLan-X communication dongle contains an undocumented backup account with undocumented credentials. This allows significant access to the device...

EUVD-2018-18203

Malware in sbrugna...

EUVD-2019-16769

Malware in sbrugna...

CVE-2018-6446

A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications...

Quantum StorNext Web GUI API 信任管理问题漏洞

The Quantum StorNext Web GUI API is a high-performance file sharing and data management interface from Quantum. A security vulnerability exists in the Quantum StorNext Web GUI API prior to version 7.2.4, which stems from possible access to internal configurations and modification of software...

CVE-2025-46617

The CVE-2025-46617 issue affects Quantum StorNext components: StorNext RYO, StorNext Xcellis Workflow Director, and ActiveScale Cold Storage, all prior to version 7.2.4. The vulnerability enables access to internal StorNext configuration and allows unauthorized modification of several software co...

CVE-2024-32740

A vulnerability has been identified in SIMATIC CN 4100 All versions V3.0. The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network...

Siemens SIMATIC CN 4100 信任管理问题漏洞

The Siemens SIMATIC CN 4100 is a communication node from Siemens, Germany. A security vulnerability exists in the Siemens SIMATIC CN 4100 due to an affected device containing undocumented users and credentials. An attacker could exploit the vulnerability to misuse the credentials to compromise th...

CVE-2022-29953

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality...

CVE-2018-6446

A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications...

Design/Logic Flaw

A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications...

Brocade Network Advisor Elevation of Privilege Vulnerability

Brocade Network Advisor is a set of management tools for the entire network lifecycle from Brocade Communications Systems Brocade. A security vulnerability exists in Brocade Network Advisor versions prior to 14.3.1. A remote attacker with undocumented user credentials could exploit the...

CVE-2019-7225

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...

Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution

Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution / Exploit Title: Brocade Network Advisor - Unauthenticated Remote Code Execution Date: 2017-03-29 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.broadcom.com/ CVE: CVE-2018-6443 Version: Tested on Brocade Netwo...