5 matches found
CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key
Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...
CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account Vulnerability
An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy SCP. 1. Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798:...
CommScope Ruckus IoT Controller Undocumented Account
Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-912: Hidden Functionality CVE ID: CVE-2021-33216 2. Vulnerability Description An upgrade...
CVE-2017-7336
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges...
Fortinet FortiWLM Command Execution Vulnerability
Fortinet FortiWLM is a wireless network device management platform developed by the U.S. Fiat Fortinet. A security vulnerability exists in the hard-coded password account named 'upgrade' in Fortinet FortiWLM 8.3.0 and prior versions. A remote attacker could exploit this vulnerability to execute...