22 matches found
CVE-2026-11405
The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...
PT-2026-55969
Name of the Vulnerable Software and Affected Versions Tenda firmware US FH1201V1.0BR V1.2.0.14408 EN TD Tenda firmware US W15EV1.0br V15.11.0.51068 1567 841 EN TDE Tenda firmware US AC10V1.0re V15.03.06.46 multi TDE01 Tenda firmware US AC5V1.0RTL V15.03.06.48 multi TDE01 Tenda firmware US...
CVE-2026-22543
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
EUVD-2023-43937
Malicious code in bioql PyPI...
CVE-2023-3261
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary...
CVE-2023-0457
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server...
CVE-2023-40706
There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login...
CVE-2023-3261
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary...
CVE-2023-3261
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary...
Advantech Trust Management Issues Vulnerabilities
Advantech, an application of Advantech China, provides intelligent electric bus management systems. A trust management issue vulnerability exists in Advantech ADAM-3600, which stems from a hard-coded private key available in the project folder, and can be exploited by an attacker to achieve Web...
CVE-2022-22987
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...
CVE-2022-22987
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...
Hardcoded credentials
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...
CVE-2022-22987 Advantech ADAM-3600
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...
CVE-2022-22987
CVE-2022-22987 affects Advantech ADAM-3600 (e.g., up to version 2.6.2) where a hard-coded private key in the project folder enables Web Server login and further actions. Technical detail: use of a hard-coded cryptographic key (CWE-321). Impact as described: attacker could gain unauthorized access...
Advantech 信任管理问题漏洞
Advantech, an application of Advantech China, provides intelligent electric bus management systems. A trust management issue vulnerability exists in Advantech ADAM-3600, which stems from a hard-coded private key available in the project folder, and can be exploited by an attacker to achieve Web...
Advantech ADAM-3600
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: ADAM-3600 Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized access to intercept traffic...
Command Execution Vulnerability in SeaCMS V210530
Ocean CMS is a PHP MYSQL-based architecture, professional open source free PHP film and television system, can be cross-platform operation of the web content management system. A command execution vulnerability exists in SeaCMS V210530. An attacker can exploit this vulnerability to obtain web...
CVE-2013-0142
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors...
CVE-2013-0142
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors...