The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the...
The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However...
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those ser...
Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as...
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http...
Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.