Default credentials

The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables...

Information disclosure

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another...

CVE-2021-23855 Information disclosure

The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables...

CVE-2021-23858

CVE-2021-23858 describes an information-disclosure vulnerability affecting Bosch Rexroth IndraMotion Mlc devices. An unprotected web server resource exposes the main configuration (including users and hashed passwords) and another unprotected resource exposes device details (serial number and fir...

CVE-2021-23858 Information disclosure

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another...