Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions
Vulnerability Description
Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1392
Vulnerability Title
DirectCyber Evolution Controller 安全漏洞
Vulnerability Description
DirectCyber Evolution Controller是DirectCyber公司的一款门禁控制器软件,用于控制器对设施的物理访问。 DirectCyber Evolution Controller 2.x 版本及之前版本存在安全漏洞,该漏洞源于 Web 界面上的默认凭据允许任何人直接登录服务器以执行管理功能。安装或首次登录时,应用程序不会要求用户更改密码。
CVSS Information
N/A
Vulnerability Type
N/A