homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy.
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.
General Electric D20ME devices are not properly configured and reveal plaintext passwords.
webauth before 4.6.1 has authentication credential disclosure
Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can al...
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generati...