CVE-2014-2969

HIGH Year: 2014
CVSS v2 Score
8.3
High
Weakness Type
CWE-255
View all →

Vulnerability Description

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.

Related Vulnerabilities

CVE-2016-0898

CRITICAL
CVSS:10.0(Critical)

MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were no...

CWE-2552016

CVE-2010-5305

CRITICAL
CVSS:9.8(Critical)

The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthor...

CWE-2552010

CVE-2013-1430

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the us...

CWE-2552013

CVE-2014-4861

CRITICAL
CVSS:9.8(Critical)

The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.

CWE-2552014

CVE-2015-1320

CRITICAL
CVSS:9.8(Critical)

The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.

CWE-2552015

CVE-2015-2874

CRITICAL
CVSS:9.8(Critical)

Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root acco...

CWE-2552015