hardcoded credentials – WindowsTechs.com

IDenticard Zero-Days Allow Corporate Building Access, Location Recon

Posted on January 15, 2019 by Tara Seals

Multiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more. Continue reading IDenticard Zero-Days Allow Corporate Building Access, Location Recon→

Western Digital My Cloud EX2 NAS Device Leaks Files

Posted on April 25, 2018 by Tom Spring

Default configuration of WD’s My Cloud storage device keeps port open for unprivileged data exfiltration within a network. Continue reading Western Digital My Cloud EX2 NAS Device Leaks Files→

Bugs in Arris Modems Distributed by AT&T Vulnerable to Trivial Attacks

Posted on August 31, 2017 by Michael Mimoso

Trivially exploitable vulnerabilities in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service have been discovered. Continue reading Bugs in Arris Modems Distributed by AT&T Vulnerable to Trivial Attacks→

Two Popular IP Cameras Riddled With Vulnerabilities

Posted on August 3, 2017 by Tom Spring

Two IP cameras sold by Loftek and VStartcam are leaving over 1.3 million users open to 21 vulnerabilities that range from a lack of HTTPS encryption to bugs that open users up to cross-site request forgery attacks. Continue reading Two Popular IP Cameras Riddled With Vulnerabilities→

Two Popular IP Cameras Riddled With Vulnerabilities

Posted on August 3, 2017 by Tom Spring

ICS, SCADA Security Woes Linger On

Posted on February 6, 2017 by Michael Mimoso

A recent batch of vulnerabilities in Honeywell building automation system software epitomize the linger security issues around SCADA and industrial control systems. Continue reading ICS, SCADA Security Woes Linger On→

VU#548399: Dentsply Sirona CDR DICOM contains multiple hard-coded credentials

Posted on September 6, 2016 by CERT

The Dentsply Sirona(previously known as Shick Technologies)CDR DICOM is software for managing medical dental records. CDR DICOM contains several hard-coded credentials allowing administrative or root access. Continue reading VU#548399: Dentsply Sirona CDR DICOM contains multiple hard-coded credentials→

VU#856152: NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilities

Posted on August 4, 2016 by CERT

NUUO NVRmini 2,NVRsolo,Crystal,and Netgear ReadyNAS Surveillance products have web management interfaces containing multiple vulnerabilities that can be leveraged to gain complete control of affected devices. Continue reading VU#856152: NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilities→