The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user pa
The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files t
Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and ob
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obt
Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service
Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakne
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and sys
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attack
Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 c
Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a speci
Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive va
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute syste
The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000, STAR1000, STAR500, and possibly other models, contains an information disclosure vulnerability allowing u
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interf
Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is
A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets t
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a har
Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers
Page 1+ Next →