Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-5167

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-13 Feb, 2017 | 21:00
Updated At-05 Aug, 2024 | 14:55
Rejected At-
Credits

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:13 Feb, 2017 | 21:00
Updated At:05 Aug, 2024 | 14:55
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords.

Affected Products
Vendor
n/a
Product
BINOM3 Electric Power Quality Meter
Versions
Affected
  • BINOM3 Electric Power Quality Meter
Problem Types
TypeCWE IDDescription
textN/ABINOM3 Electric Power Quality Meter hardcoded passwords
Type: text
CWE ID: N/A
Description: BINOM3 Electric Power Quality Meter hardcoded passwords
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
x_refsource_MISC
http://www.securityfocus.com/bid/93028
vdb-entry
x_refsource_BID
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/93028
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/93028
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/93028
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:13 Feb, 2017 | 21:59
Updated At:20 Apr, 2025 | 01:37

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.6HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
binom3
binom3
>>universal_multifunctional_electric_power_quality_meter_firmware>>-
cpe:2.3:o:binom3:universal_multifunctional_electric_power_quality_meter_firmware:-:*:*:*:*:*:*:*
binom3
binom3
>>universal_multifunctional_electric_power_quality_meter>>-
cpe:2.3:h:binom3:universal_multifunctional_electric_power_quality_meter:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-798Primarynvd@nist.gov
CWE ID: CWE-798
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/93028ics-cert@hq.dhs.gov
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01Aics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/93028af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01Aaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/93028
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/93028
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

219Records found
CVE-2014-0175
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 68.96%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 12:40
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mcollective has a default password set at install

Action-Not Available
Vendor-mcollectiveRed Hat, Inc.Perforce Software, Inc. ("Puppet")Debian GNU/Linux
Product-openshiftdebian_linuxmarionette_collectivemcollective
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-15322
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 65.89%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 15:23
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.

Action-Not Available
Vendor-n/aZyxel Networks Corporation
Product-cloudcnm_secumanagern/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2006-7074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.43%
||
7 Day CHG~0.00%
Published-27 Feb, 2007 | 18:00
Updated-07 Aug, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie.

Action-Not Available
Vendor-smartsitecmsn/a
Product-smartsitecmsn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-31210
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 63.20%
||
7 Day CHG~0.00%
Published-17 Jul, 2022 | 22:40
Updated-03 Aug, 2024 | 07:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts.

Action-Not Available
Vendor-infirayn/a
Product-iray-a8z3_firmwareiray-a8z3n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-2322
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.24% / 46.01%
||
7 Day CHG~0.00%
Published-15 Mar, 2025 | 13:31
Updated-24 Oct, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
274056675 springboot-openai-chatgpt OpenController.java hard-coded credentials

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-274056675274056675
Product-springboot-openai-chatgptspringboot-openai-chatgpt
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-26671
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.3||HIGH
EPSS-0.65% / 70.31%
||
7 Day CHG~0.00%
Published-07 Apr, 2022 | 18:22
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials

Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.

Action-Not Available
Vendor-secomTAIWAN SECOM CO., LTD.,
Product-dr.id_access_controldr.id_attendance_systemPersonnel Attendance Management system
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-26672
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.3||HIGH
EPSS-1.71% / 82.01%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 06:50
Updated-16 Sep, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS WebStorage - Use of Hard-coded Credentials

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-webstorageWebStorage
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-25045
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.21%
||
7 Day CHG~0.00%
Published-02 Mar, 2022 | 20:51
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.

Action-Not Available
Vendor-home_owners_collection_management_system_projectn/a
Product-home_owners_collection_management_systemn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-24860
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.34% / 56.41%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 23:25
Updated-22 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability.

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP addresses.

Action-Not Available
Vendor-databasir_projectvran-dev
Product-databasirdatabasir
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-22845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.48% / 94.04%
||
7 Day CHG~0.00%
Published-09 Jan, 2022 | 15:03
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.

Action-Not Available
Vendor-qxipn/a
Product-homer_webappn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-22813
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.65%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration.

Action-Not Available
Vendor-n/a
Product-easergy_p746_firmwareeasergy_p742easergy_p849easergy_p441easergy_p142_firmwareeasergy_p546easergy_p543easergy_p541easergy_p143_firmwareeasergy_p141easergy_p342easergy_p542easergy_p241_firmwareeasergy_p545_firmwareeasergy_p243_firmwareeasergy_p446easergy_p741easergy_p642easergy_p541_firmwareeasergy_p342_firmwareeasergy_p645easergy_p345_firmwareeasergy_p743easergy_p145easergy_p343_firmwareeasergy_p849_firmwareeasergy_p643_firmwareeasergy_p242_firmwareeasergy_p545easergy_p344easergy_p142easergy_p442easergy_p544easergy_p143easergy_p441_firmwareeasergy_p743_firmwareeasergy_p542_firmwareeasergy_p645_firmwareeasergy_p242easergy_p841easergy_p343easergy_p543_firmwareeasergy_p443_firmwareeasergy_p446_firmwareeasergy_p445_firmwareeasergy_p341_firmwareeasergy_p742_firmwareeasergy_p444_firmwareeasergy_p445easergy_p444easergy_p642_firmwareeasergy_p341easergy_p544_firmwareeasergy_p442_firmwareeasergy_p741_firmwareeasergy_p141_firmwareeasergy_p841_firmwareeasergy_p241easergy_p344_firmwareeasergy_p746easergy_p643easergy_p546_firmwareeasergy_p145_firmwareeasergy_p443easergy_p345easergy_p243Easergy P40 Series model numbers with Ethernet option bit as Q, R, S (All PX4X firmware Versions)
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-23402
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.65%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 09:10
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-centum_vp_firmwarecentum_vpcentum_vp_entrycentum_vp_entry_firmwareexaopcExaopcCENTUM VP
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-22928
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.32% / 84.46%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 23:40
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.

Action-Not Available
Vendor-mingsoftn/a
Product-mcmsn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-22987
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.89%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-16 Apr, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advantech ADAM-3600

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-adam-3600_firmwareadam-3600ADAM-3600
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-1162
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-9.1||CRITICAL
EPSS-89.72% / 99.55%
||
7 Day CHG~0.00%
Published-04 Apr, 2022 | 19:46
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-18006
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.49% / 84.99%
||
7 Day CHG~0.00%
Published-14 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.

Action-Not Available
Vendor-n/aRicoh Company, Ltd.
Product-myprintn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-15320
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 65.89%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 15:16
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.

Action-Not Available
Vendor-n/aZyxel Networks Corporation
Product-cloudcnm_secumanagern/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-15321
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 65.89%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 15:20
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.

Action-Not Available
Vendor-n/aZyxel Networks Corporation
Product-cloudcnm_secumanagern/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-34005
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.60% / 81.38%
||
7 Day CHG~0.00%
Published-19 Jun, 2022 | 20:26
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation.

Action-Not Available
Vendor-southrivertechn/a
Product-titan_ftp_server_nextgenn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found