CVE-2023-2645

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
CVSS v2 Score
10.0
Critical
Weakness Type
CWE-259
View all →

Vulnerability Description

A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2014-125030

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The ...

CWE-2592014

CVE-2014-5434

CRITICAL
CVSS:9.8(Critical)

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter a...

CWE-2592014

CVE-2015-3953

CRITICAL
CVSS:9.8(Critical)

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. H...

CWE-2592015

CVE-2016-9358

CRITICAL
CVSS:9.8(Critical)

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bi...

CWE-2592016

CVE-2017-20039

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to...

CWE-2592017

CVE-2017-6022

CRITICAL
CVSS:9.8(Critical)

A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use har...

CWE-2592017