A remote unauthenticated attacker may use default certificates to generate JWT tokens and gain full access to the tool and all connected devices.
An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image and thus gain full access to all affected devices.
An unauthenticated attacker can hijack other users' devices and potentially control them.
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in loss of connection.
An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potential
A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or caus
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthe
Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain
Unauthenticated attackers can send configuration settings to the device and possibly perform physical actions remotely (e.g., on/off).
The devices contain two hard-coded user accounts with hard-coded passwords that give an unauthenticated remote attacker full control of the affected devices.
The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution.
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.
The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.
A remote unauthenticated attacker may be able to change the IP address of the device, thereby affecting the availability of the device.
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
An unauthenticated remote attacker may use hard-coded credentials to get access to the previously activated FTP server with limited read and write privileges.