Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has hard-coded credentials.
db2280c889805e3b1cc8bca7d28bca9faff15b7e7003176695d43071203d731f
Barracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.
b5f3e2e56c5e431a0f7904096cd26eb5b819f5e04765f0ca18b7e34eeb0f1740
The Barracuda WAF management application transmits the current user and session identifier over HTTP GET. Firmware version 8.0.1.014 is affected.
7086b580e0510a02f02451754011dfa92817d22fce4942667a0c2c95727a7c68
The grub password for all Barracuda WAF V360 virtual appliances is four characters in length and, as a result, may be trivially easy to crack. Firmware version 8.0.1.014 is affected.
c30a6c337f827c7f205331146c21efde524fe526807aea264c31e3482104d705
Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive information such as authentication credentials used by internal developers. Firmware version 8.0.1.014 is affected.
41af7991ec90055d2e9576142c80137283f105fdc993d700215ae487f134beef
Firmware reversing of the Barracuda Web Application Firewall uncovered debug features that should have been removed on the production images. Appending a debugging statement onto a grub configuration line leads to an early boot root shell. Firmware version 8.0.1.014 is affected.
e7f34bb9440ee19f081d01c8da99a0e8de3728fcc56a3f073d87f5c8a3cf2ad7