Elber Wayber Analog/Digital Audio STL 4.00 devices are vulnerable to unauthenticated device configuration and disclosure of hidden functionalities on the client-side. An attacker can exploit this issue to modify device configurations without authentication and reveal hidden functionalities that are not intended for regular users.
The Siklu MultiHaul TG series with a version less than 2.0.0 allows unauthenticated credential disclosure. By exploiting this vulnerability, an attacker can obtain random generated username and password, gaining unauthorized access to the device.
The Saflok KDF (Key Derivation Function) exploit allows an attacker to derive encryption keys from a 32-bit UID value, resulting in unauthorized access to the system. This vulnerability does not have a CVE assigned yet.
Automatic Systems SOC FL9600 FastLine V06 device contains hardcoded login credentials for the super admin account, which cannot be changed. An attacker can exploit this vulnerability to gain sensitive information using the following credentials: Login: automaticsystems, Password: astech. This vulnerability is identified as CVE-2023-37608.
The TEM Opera Plus FM Family Transmitter 35.45 allows unauthorized access to a vulnerable endpoint, enabling an attacker to upload a binary image to the MPFS File System without any authentication. This vulnerability can be exploited to overwrite the flash program memory containing the web server's main interfaces, leading to the execution of arbitrary code.
The Automatic Systems SOC FL9600 FastLine device with version V06 contains hardcoded login credentials for a super admin account. An attacker can exploit this vulnerability to access sensitive information using the admin login credentials.
The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.
The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.
This exploit allows an unauthenticated user to create an admin account in Crypto Currency Tracker (CCT) version 9.5. By sending a POST request to the /en/user/register endpoint with the required parameters, the attacker can create a new admin account without proper authentication.
This exploit allows an attacker to change the admin username and password and add a new admin user in AdaptCMS Lite version 1.5. The attacker can modify the values in the HTML form to specify the new username, password, email, and level of the admin user.