CVE-2004-0391
published 2004-06-01CVE-2004-0391: Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which…
PriorityP340critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
4.58%
90.5th percentile
Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | hosting_solution_engine | — | — |
| cisco | hosting_solution_engine | — | — |
| cisco | hosting_solution_engine | — | — |
| cisco | hosting_solution_engine | — | — |
| cisco | hosting_solution_engine | — | — |
| cisco | wireless_lan_solution_engine | — | — |
| cisco | wireless_lan_solution_engine | — | — |
| cisco | wireless_lan_solution_engine | — | — |
| cisco | wireless_lan_solution_engine | — | — |
| cisco | wireless_lan_solution_engine | — | — |
| cisco | wireless_lan_solution_engine | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5j5j-qcr8-cxv4: Cisco Wireless LAN Solution Engine (WLSE) 2
ghsa_unreviewed·2022-04-29
CVE-2004-0391 [HIGH] GHSA-5j5j-qcr8-cxv4: Cisco Wireless LAN Solution Engine (WLSE) 2
Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration.
Cisco
A Default Username and Password in WLSE and HSE Devices
vendor_cisco·2004-04-07
CVE-2004-0391 A Default Username and Password in WLSE and HSE Devices
A Default Username and Password in WLSE and HSE Devices
A default username/password pair is present in all releases of the
Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software.
A user who logs in using this username has complete control of the device. This
username cannot be disabled. There is no workaround.
This advisory is available at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040407-username.
Cisco
A Default Username and Password in WLSE and HSE Devices
vendor_cisco
CVE-2004-0391 A Default Username and Password in WLSE and HSE Devices
CVE-2004-0391: A Default Username and Password in WLSE and HSE Devices
A default username/password pair is present in all releases of the Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. A user who logs in using this username has complete control of the device. This username cannot be disabled. There is no workaround. This advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040407-username .
Bug IDs: CSCsa11583, CSCsa11584, CSCsa11583, CSCsa11583, CSCsa11584
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.ciac.org/ciac/bulletins/o-111.shtmlhttp://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtmlhttp://www.kb.cert.org/vuls/id/659228http://www.securityfocus.com/bid/10076https://exchange.xforce.ibmcloud.com/vulnerabilities/15773http://www.ciac.org/ciac/bulletins/o-111.shtmlhttp://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtmlhttp://www.kb.cert.org/vuls/id/659228http://www.securityfocus.com/bid/10076https://exchange.xforce.ibmcloud.com/vulnerabilities/15773
2004-06-01
Published