334 matches found
PT-2025-18701 · Tenda · Tenda Rx2 Pro
Name of the Vulnerable Software and Affected Versions: Tenda RX2 Pro version 16.03.30.14 Description: The issue concerns the use of weak credentials, allowing an unauthenticated attacker to authenticate to the telnet service. This is achieved by calculating the root password based on easily...
CVE-2025-46627
Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address...
CVE-2025-46627
Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address...
CVE-2025-46627
CVE-2025-46627 concerns a weak-credentials issue in the Tenda RX2 Pro. Affected: Tenda RX2 Pro with firmware 16.03.30.14. Description from multiple sources: an unauthenticated attacker can authenticate to the Telnet service by deriving the root password from easily obtainable device information, ...
The vulnerability of Philips IntelliSpace Cardiovascular’s image and data management system, related to the use of weak credentials, allows unauthorized access to the records.
The vulnerability of Philips IntelliSpace Cardiovascular’s image and data management system lies in the use of weak credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the user accounts...
Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign
Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a...
Brocade Fabric OS Remote Code Execution / Information Disclosure
Brocade Fabric OS versions prior to 9.2.2 suffer from 10 vulnerabilities including, but not limited to, remote code execution, information disclosure, man-in-the-middle, weak cryptography, and hardcoded key vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Titl...
CVE-2024-21865
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell...
CVE-2024-29071
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings...
PT-2025-12330
Name of the Vulnerable Software and Affected Versions Nebula Informatics SecHard versions prior to 3.3.0.20220411 Description The issue is related to the incorrect use of privileged APIs, cleartext transmission of sensitive information, and insufficiently protected credentials. This allows for...
Top 10 Passwords Hackers Use to Breach RDP – Is Yours at Risk?
Top 10 Passwords hackers use to breach RDP revealed! Weak credentials cause successful cyberattacks- check if yours is on the list and secure your system now...
CVE-2025-2229 Philips Intellispace Cardiovascular (ISCV) Use of Weak Credentials
A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations...
CVE-2025-2229 Philips Intellispace Cardiovascular (ISCV) Use of Weak Credentials
A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations...
Under The Hoodie: The Pen Test Diaries
Breaking In So You Don’t Have To Each year, Rapid7 penetration testers conduct over 1,000 security assessments, pushing boundaries to expose vulnerabilities before the bad guys do. The mission? Get in, escalate privileges, and own the environment—physically, digitally, or sometimes just by...
The vulnerability of the HS256 algorithm implementation in the Knowledge Space integrated planning platform lies in the use of weak credentials. This allows a hacker to gain full access to the platform.
The vulnerability of the HS256 algorithm implementation in the Knowledge Space integrated planning platform lies in the use of weak authentication data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full access to the platform...
CVE-2025-1081
A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. Th...
CVE-2025-1081 Bharti Airtel Xstream Fiber WiFi Password weak credentials
A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. Th...
CVE-2025-1081 Bharti Airtel Xstream Fiber WiFi Password weak credentials
A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. Th...
CVE-2025-1081
CVE-2025-1081 affects Bharti Airtel Xstream Fiber (up to 20250123) and its WiFi Password Handler. The issue enables use of weak credentials via local-network access, with attack complexity rated as HIGH and affected confidentiality as PARTIAL. Multiple sources note the exploit has been disclosed ...
Airtel Xstream 安全漏洞
Airtel Xstream is a streaming controller from Airtel India. A security vulnerability exists in Airtel Xstream 20250123 and earlier versions, which stems from the use of weak credentials by the WiFi Password Handler component, resulting in an attack that can be carried out on the local network...