Security
Headlines
HeadlinesLatestCVEs

Tag

#hard_coded_credentials

CVE-2020-36062: CVE:2020-36062 Dairy Farm Shop Management System — Use of Hard-coded Credentials in Source Code Leads to Admin Panel Access · Issue #3 · VivekPanday12/CVE-

Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.

CVE
Open in Source
#sql#windows#php#hard_coded_credentials#auth#ssh
CVE-2021-21913: TALOS-2021-1361 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.

CVE-2021-34565: VDE-2021-027 | CERT@VDE

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.

CVE-2021-29722: Security Bulletin: Multiple Vulnerabilities Affect IBM Secure Proxy

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.

CVE-2021-21820: TALOS-2021-1285 || Cisco Talos Intelligence Group

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2021-33538: VDE-2021-026 | CERT@VDE

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

CVE-2021-27452

The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).

CVE-2021-22667

BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior).

CVE-2020-4854: Static Credential Vulnerability in IBM Spectrum Protect Plus (CVE-2020-4854)

IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.

CVE-2020-16170: Call an Exorcist! My Robot’s Possessed!

Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors.