#hard_coded_credentials

Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled.

Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.

A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.

Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.

Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Fujitsu Limited Equipment: Real-time Video Transmission Gear "IP series" Vulnerability: Use Of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker logging into the web interface using the obtained credentials. The attacker could initialize or reboot the products, terminating the video transmission. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Real-time Video Transmission Gear "IP series", a hosted web application, are affected: Real-time Video Transmission Gear "IP series" IP-HE950E: firmware versions V01L001 to V01L053 Real-time Video Transmission Gear "IP series" IP-HE950D: firmware versions V01L001 to V01L053 Real-time Video Transmission Gear "IP series" IP-HE900E: firmware versions V01L001 to V01L010 Real-time Video Transmission Gear "IP series" IP-HE900D: firmware versions V01L001 to V01L004 Real-time Video Transmission Ge...

A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.

By Waqas Trellix's researchers uncovered a series of vulnerabilities in two prominent data center equipment vendors: CyberPower and Dataprobe. This is a post from HackRead.com Read the original post: Data center flaws spurred disruptions, espionage and malware attacks

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.

Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe's iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in target environments. The nine vulnerabilities, from CVE-2023-3259 through CVE-2023-3267, carry