Security
Headlines
HeadlinesLatestCVEs

Tag

#hard_coded_credentials

Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices

After dragging their feet for months Owl Labs has released a patch for vulnerabilities that were publicly disclosed a week ago. The company denies the seriousness of the vulnerabilities. The post Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#vulnerability#git#backdoor#hard_coded_credentials#auth#wifi
CVE-2022-29730: Zero Science Lab » USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor

USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.

CVE-2021-33014

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.

CVE-2013-10002

A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

CVE-2022-1467: Support | Cyber Security Updates

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.

CVE-2022-22549: DSA-2022-002: Dell EMC PowerScale OneFS Security Update for Multiple Vulnerabilities

Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials.

CVE-2020-36062: CVE:2020-36062 Dairy Farm Shop Management System — Use of Hard-coded Credentials in Source Code Leads to Admin Panel Access · Issue #3 · VivekPanday12/CVE-

Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.

CVE-2021-21913: TALOS-2021-1361 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.

CVE-2021-34565: VDE-2021-027 | CERT@VDE

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.

CVE-2021-29722: Security Bulletin: Multiple Vulnerabilities Affect IBM Secure Proxy

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.