The ABB Cylon Aspect BMS/BAS controller has hard-coded credentials such as usernames, passwords, and encryption keys in various Java classes. This vulnerability could be exploited by attackers to gain unauthorized access and compromise system integrity.
Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux distribution and also the hidden web application running on the camera. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the camera. Further, using the web interface credentials will provide access to a camera stream and configuration details, including third-party API keys.
USR-G806 is an industrial 4G wireless LTE router which provides a solution for users to connect their own device to a 4G network via the WiFi interface or Ethernet interface. USR-G806 adopts a high-performance embedded CPU which can support a 580MHz working frequency and can be widely used in Smart Grid, Smart Home, public bus and vending machine applications for data transmission at high speed. USR-G806 is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. The 'usr' account with password 'www.usr.cn' has the highest privileges on the device. The password is also the default WLAN password.
Cypress Solutions CTM-200/CTM-ONE devices are prone to a hard-coded credentials vulnerability. Attackers can exploit this issue to gain access to the affected device and execute arbitrary code with root privileges.
FLIR utilizes hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the camera.
InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle (IPD-02-S only) to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. InfraPower suffers from a use of hard-coded credentials. The IP dongle firmware ships with hard-coded accounts that can be used to gain full system access (root) using the telnet daemon on port 23.
NC220 and NC200 utilize hard-coded credentials within their Linux distribution image. These sets of credentials (root:root) are never exposed to the end-user and cannot be changed through any normal operation of the camera.
Merit Lilin Enterprise Co., Ltd. has released a security advisory for multiple vulnerabilities in its L series products with firmware 1.4.36/1.2.02, OS Version: Linux 2.6.38/Linux 2.6.32. The vulnerabilities include Multiple Cross-site Request Forgery, Multiple Cross-site Scripting/HTML Injection, Hard-coded credentials, Cleartext sensitive data, Weak Passwords/Known credentials, Account lockout, Poorly Protected Credentials. These vulnerabilities affect the device administrative interface, authentication, and authorization.
Inim Electronics SmartLiving SmartLAN/G/SI <=6.x is vulnerable to hard-coded credentials. The SmartLAN/G/SI board contains hard-coded credentials that can be used to gain access to the system. The credentials are stored in plain text in the board's memory and can be accessed by anyone with physical access to the board.
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers and names of printed files.