#hard_coded_credentials

Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Fujitsu Limited Equipment: Real-time Video Transmission Gear "IP series" Vulnerability: Use Of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker logging into the web interface using the obtained credentials. The attacker could initialize or reboot the products, terminating the video transmission. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Real-time Video Transmission Gear "IP series", a hosted web application, are affected: Real-time Video Transmission Gear "IP series" IP-HE950E: firmware versions V01L001 to V01L053 Real-time Video Transmission Gear "IP series" IP-HE950D: firmware versions V01L001 to V01L053 Real-time Video Transmission Gear "IP series" IP-HE900E: firmware versions V01L001 to V01L010 Real-time Video Transmission Gear "IP series" IP-HE900D: firmware versions V01L001 to V01L004 Real-time Video Transmission Ge...

A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.

By Waqas Trellix's researchers uncovered a series of vulnerabilities in two prominent data center equipment vendors: CyberPower and Dataprobe. This is a post from HackRead.com Read the original post: Data center flaws spurred disruptions, espionage and malware attacks

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.

Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe's iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in target environments. The nine vulnerabilities, from CVE-2023-3259 through CVE-2023-3267, carry

Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access.

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device.

Given the privileged position these devices occupy on the networks they serve, they are prime targets for attackers, so their security posture is of paramount importance.

The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal. "The cybercriminals' main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks," Positive