Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmis
The embedded web interface of the device does not support HTTPS/TLS for
authentication and uses HTTP Basic Authentication. Traffic is encoded
but not encrypted, exposing user credentials to passive
A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text.
An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potential
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP.
The vulnerabil
Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/system_config_file management endpoint. The endpoint allows remote retrieval of a compressed
CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure
of data when network traffic is being sniffed by an attacker.
The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol.
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby interce
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected d
The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.
A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data s
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffi
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart.
This vulne
A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credent
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to in
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an
attacker to execute unauthorized commands when a system’s default password credentials have not
Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication,
Page 1+ Next →