Hardcoded Password

Cisco warns that Unified CM has hardcoded root SSH credentials

July 6, 2025July 6, 2025 geekfeed0Tagged CallManager, cisco, CVE-2025-20309, Hardcoded Password, root, Unified Communications Manager

Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. Cisco Unified Communications Manager (CUCM), formerly known as Cisco CallManager, serves as the central control system for Cisco’s IP telephony systems, handling call routing, device management, and […]

2 mins read

Brother printer bug in 689 models exposes default admin passwords

June 29, 2025June 29, 2025 geekfeed0Tagged Brother, CVE-2024-51977, CVE-2024-51978, CVE-2024-51979, CVE-2024-51984, FUJIFILM, Hardcoded Password, Konica Minolta, Printer, Ricoh, Toshiba

A total of 689 printer models from Brother, along with 53 other models from Fujifilm, Toshiba, and Konica Minolta, come with a default administrator password that remote attackers can generate. Even worse, there is no way to fix the flaw via firmware in existing printers. The flaw, tracked under CVE-2024-51978, is part of a set of […]

3 mins read

Cisco fixes max severity IOS XE flaw letting attackers hijack devices

May 12, 2025May 12, 2025 geekfeed0Tagged Authentication Bypass, cisco, CVE-2025-20188, Hardcoded Password, JWT, Token, vulnerability

Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices. This token is meant to authenticate requests to a feature called ‘Out-of-Band AP Image Download.’ Since it’s hard-coded, anyone can impersonate an authorized user […]

2 mins read

CentreStack RCE exploited as zero-day to breach file sharing servers

April 14, 2025April 14, 2025 geekfeed0Tagged Actively Exploited, CISA, CVE-2025-30406, File Sharing, Gladinet CentreStack, Hardcoded Password, KEV, Remote Code Execution, vulnerability

Hackers exploited a vulnerability in Gladinet CentreStack’s secure file-sharing software as a zero-day since March to breach storage servers Gladinet CentreStack is an enterprise file-sharing and access platform that turns on-premise file servers (like Windows servers with SMB shares) into secure, cloud-like file systems supporting remote access to internal file shares, file syncing and sharing, […]

2 mins read

D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers

September 17, 2024September 17, 2024 geekfeed0Tagged critical RCE, D-Link, Hardcoded Password, hardware, rce, Remote Code Execution, router, WiFi 6, WiFi 6 routers

D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. The impacted models are popular in the consumer networking market, especially among users looking for high-end WiFi 6 routers (DIR-X) and mesh networking systems (COVR). The bulletin lists five […]

2 mins read