The ABB Cylon Aspect BMS/BAS controller has hard-coded credentials such as usernames, passwords, and encryption keys in various Java classes. This vulnerability could be exploited by attackers to gain unauthorized access and compromise system integrity.
The Aztech DSL5005EN router/modem allows an attacker to change the admin password without authentication, by sending a crafted HTTP request to the 'sysAccess.asp' endpoint. This could lead to unauthorized access and control of the device.
The Palo Alto Networks Expedition version 1.2.90.1 is vulnerable to an admin account takeover. By exploiting this vulnerability, an attacker can reset the admin password to 'paloalto' and gain access to the admin panel.
The ABB BMS/BAS controller in ABB Cylon Aspect 3.07.01 operates with default and hard-coded credentials included in the installation package, making it vulnerable when exposed to the Internet.
The CommScope Ruckus IoT Controller version 1.7.1.0 and earlier contains an upgrade account that provides undocumented access via Secure Copy (SCP), allowing unauthorized individuals to access the virtual appliance.
The ABB Cylon FLXeon BACnet controller in versions <=9.3.4 uses weak default administrative credentials, which can be exploited in remote password attacks to gain unauthorized access and full control of the system.
Elber Wayber Analog/Digital Audio STL 4.00 devices are vulnerable to unauthenticated device configuration and disclosure of hidden functionalities on the client side. An attacker can exploit this issue to modify device configurations without authentication and reveal hidden functionalities that are not intended for regular users.
The Siklu MultiHaul TG series in versions earlier than 2.0.0 allows unauthenticated credential disclosure. By exploiting this vulnerability, an attacker can obtain the randomly generated username and password, gaining unauthorized access to the device.
The Saflok KDF (Key Derivation Function) exploit allows an attacker to derive encryption keys from a 32-bit UID value, resulting in unauthorized access to the system. This vulnerability does not have a CVE assigned yet.
The Automatic Systems SOC FL9600 FastLine V06 device contains hardcoded login credentials for the super admin account, which cannot be changed. An attacker can exploit this vulnerability to gain sensitive information using the following credentials: Login: automaticsystems, Password: astech. This vulnerability is identified as CVE-2023-37608.