An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.
CWE-798 Use of Hard-coded Credentials
CWE-798: Use of Hard-coded Credentials
UNI-NMS-Lite uses hard-coded credentials that could allow an
unauthenticated attacker to gain administrative privileges to all
UNI-NMS managed devices.
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access.
A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated Remote Code Execution
UNI-NMS-Lite uses hard-coded credentials that could allow an
unauthenticated attacker to read, manipulate and create entries in the
managed database.
An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configura
The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site us
Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.
There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely i
Page 1+ Next →