Total
16 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7898 | 1 Tosei-corporation | 1 Online Store Management System | 2024-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-29844 | 2024-09-25 | N/A | 9.8 CRITICAL | ||
| Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password. | |||||
| CVE-2024-6535 | 1 Redhat | 1 Service Interconnect | 2024-09-18 | N/A | 5.3 MEDIUM |
| A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. | |||||
| CVE-2024-39747 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-09-16 | N/A | 9.8 CRITICAL |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. | |||||
| CVE-2023-40704 | 1 Philips | 1 Vue Pacs | 2024-09-05 | N/A | 9.8 CRITICAL |
| Philips Vue PACS uses default credentials for potentially critical functionality. | |||||
| CVE-2024-28093 | 2024-09-04 | N/A | 8.8 HIGH | ||
| **UNSUPPORTED WHEN ASSIGNED** The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. | |||||
| CVE-2024-39584 | 2024-08-28 | N/A | 8.2 HIGH | ||
| Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution. | |||||
| CVE-2023-43844 | 2024-08-22 | N/A | 8.0 HIGH | ||
| Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the web interface and gain administrator privileges. | |||||
| CVE-2024-7746 | 1 Traccar | 1 Traccar | 2024-08-22 | N/A | 9.8 CRITICAL |
| Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism. These transactions could have an impact on any sensitive aspect of the platform, including Confidentiality, Integrity and Availability. | |||||
| CVE-2024-5632 | 2024-08-01 | N/A | N/A | ||
| Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged. | |||||
| CVE-2024-27158 | 2024-07-04 | N/A | 7.4 HIGH | ||
| All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-4007 | 2024-07-01 | N/A | 8.8 HIGH | ||
| Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. | |||||
| CVE-2024-5245 | 2024-05-24 | N/A | 7.8 HIGH | ||
| NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755. | |||||
| CVE-2024-4622 | 2024-05-15 | N/A | N/A | ||
| If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator. | |||||
| CVE-2024-30210 | 2024-04-15 | N/A | 7.4 HIGH | ||
| IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device. | |||||
| CVE-2024-31069 | 2024-04-15 | N/A | 7.4 HIGH | ||
| IO-1020 Micro ELD web server uses a default password for authentication. | |||||