22 matches found

RedhatCVE
added 2025/10/15 1:45 p.m. · 3 views

CVE-2025-41699

A low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection')...

CVSS 8.8 · AI score 7.7 · EPSS 0.00261
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-6150

Malware in sbrugna...

CVSS 9.8 · AI score 9.2 · EPSS 0.00469
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2021-7016

Malicious code in bioql PyPI...

CVSS 9 · AI score 7.1 · EPSS 0.00599
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-25281

Malicious code in bioql PyPI...

CVSS 7 · AI score 6.6 · EPSS 0.00322
Exploits: 0 · References: 1

NVD
added 2025/03/17 2:15 p.m. · 12 views

CVE-2021-32584

An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certain areas of the web management CGI...

CVSS 5.3 · EPSS 0.00192
Exploits: 0 · References: 1

Vulnrichment
added 2025/03/17 1:5 p.m. · 8 views

CVE-2021-32584

An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certain areas of the web management CGI...

CVSS 5.3 · AI score 5.4 · EPSS 0.00192
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 1:11 p.m. · 6 views

CVE-2015-10123

An unauthenticated remote attacker could send specifically crafted packets to an affected device. If an authenticated user then views that data in a specific page of the web-based management, a buffer overflow will be triggered to gain full access of the device...

CVSS 8.8 · AI score 7.4 · EPSS 0.00649
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 1:0 a.m. · 11 views

CVE-2024-28134

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...

CVSS 7 · AI score 6.9 · EPSS 0.00322
Exploits: 0 · References: 1

OSV
added 2024/11/18 4:15 p.m. · 1 views

CVE-2024-9474

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability...

CVSS 7.2 · AI score 5.8 · EPSS 0.94285
Exploits: 18 · References: 5

Positive Technologies
added 2024/05/14 12:0 a.m. · 2 views

PT-2024-22284 · Phoenix Contact · Phoenix Contact Charx Sec-3100

Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3100 versions up to 1.5.1. Description: An unauthenticated remote attacker can extract a session token with a Man-in-the-Middle (MitM) attack and gain web-based management access with the privileges of the currently...

CVSS 7 · AI score 7.2 · EPSS 0.00322
Exploits: 0 · References: 4

Zero Science Lab
added 2024/01/31 12:0 a.m. · 313 views

TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account

Summary: Professional FM transmitters. Description: The transmitter has a hidden super administrative account 'factory' that has the hardcoded password 'inokram25' that allows full access to the web management interface configuration. The factory account is not visible in the users page of the...

CVSS 9.8 · AI score 5.8 · EPSS 0.00205
Exploits: 1

NVD
added 2023/12/26 8:15 a.m. · 11 views

CVE-2023-45741

VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands...

CVSS 6.8 · EPSS 0.00083
Exploits: 0 · References: 2

Positive Technologies
added 2023/07/13 12:0 a.m. · 4 views

PT-2023-26024 · Elecom +1 · Elecom Wrc-1167Febk-A +8

Name of the Vulnerable Software and Affected Versions: ELECOM WRC-1167GHBK3-A versions 1.24 and earlier ELECOM WRC-1167FEBK-A versions 1.18 and earlier ELECOM WRC-F1167ACF2 all versions ELECOM WRC-600GHBK-A all versions ELECOM WRC-733FEBK2-A all versions ELECOM WRC-1467GHBK-A all versions ELECOM...

CVSS 8 · AI score 8.1 · EPSS 0.00435
Exploits: 0 · References: 7

OSV
added 2023/06/06 1:15 p.m. · 3 views

CVE-2023-33530

There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges...

CVSS 8.8 · AI score 5.9 · EPSS 0.06879
Exploits: 0 · References: 2

Vulnrichment
added 2023/06/06 12:0 a.m. · 7 views

CVE-2023-33532

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges...

AI score 7.7 · EPSS 0.16305
Exploits: 1 · References: 2

Positive Technologies
added 2023/05/23 12:0 a.m. · 9 views

PT-2023-23442 · Linksys · Linksys E2000

Name of the Vulnerable Software and Affected Versions: Linksys E2000 router version 1.0.06 Description: The issue is a command injection vulnerability. If an attacker gains web management privileges, they can inject commands into the post request parameters wl ssid, wl ant, wl rate, WL atten ctl,...

CVSS 7.2 · AI score 7.7 · EPSS 0.09076
Exploits: 1 · References: 5

Vulnrichment
added 2023/01/10 11:39 a.m. · 7 views

CVE-2022-45093

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 1. An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write...

CVSS 8.5 · AI score 7.4 · EPSS 0.03763
Exploits: 0 · References: 1

Packet Storm
added 2016/09/07 12:0 a.m. · 54 views

ELNet Power Meter Unauthenticated Access / Weak Credential Management

ELNet Energy & Electrical Power Meter - Multiple Vulnerabilities http://elnet.feniks-pro.com/Elnet-LT.php http://www.elnet.cc/product/elnet-lt/ Powermeter with color graphic display for all electrical measurements and harmonics, with TCP/IP and RS485 communication ModBus and Bacnet, panel mounted...

AI score 0.4
Exploits: 0

NVD
added 2015/09/21 10:59 a.m. · 7 views

CVE-2015-2915

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the...

CVSS 7.3 · AI score 7 · EPSS 0.00294
Exploits: 0 · References: 1

Prion
added 2015/09/21 10:59 a.m. · 12 views

Default credentials

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the...

CVSS 7.3 · AI score 7.6 · EPSS 0.00294
Exploits: 0 · References: 1 · Affected Software: 2