Total
1166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-37163 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded. | |||||
CVE-2021-32535 | 1 Qsan | 1 Sanos | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0. | |||||
CVE-2021-34688 | 2 Idrive, Microsoft | 2 Remotepc, Windows | 2024-02-04 | 2.1 LOW | 3.3 LOW |
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker. | |||||
CVE-2021-31579 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | |||||
CVE-2021-34565 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. | |||||
CVE-2020-21995 | 1 Inim | 12 Smartliving 10100l, Smartliving 10100l Firmware, Smartliving 10100lg3 and 9 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system. | |||||
CVE-2021-1574 | 1 Cisco | 1 Business Process Automation | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator. | |||||
CVE-2020-15382 | 1 Broadcom | 1 Brocade Sannav | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. | |||||
CVE-2021-27392 | 1 Siemens | 1 Siveillance Video Open Network Bridge | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server. | |||||
CVE-2020-14099 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password. | |||||
CVE-2021-33529 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. | |||||
CVE-2020-5351 | 1 Dell | 1 Emc Data Protection Advisor | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privileges. | |||||
CVE-2020-29322 | 1 Dlink | 2 Dir-880l, Dir-880l Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
CVE-2021-0248 | 1 Juniper | 4 Junos, Nfx150, Nfx250 and 1 more | 2024-02-04 | 7.5 HIGH | 10.0 CRITICAL |
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue affects: Juniper Networks Junos OS versions prior to 19.1R1 on NFX Series. No other platforms besides NFX Series devices are affected. | |||||
CVE-2020-25561 | 1 Sapphireims | 1 Sapphireims | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client. | |||||
CVE-2021-20537 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918 | |||||
CVE-2020-4932 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 191748. | |||||
CVE-2021-29691 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252. | |||||
CVE-2021-39245 | 1 Altus | 30 Hadron Xtorm Hx3040, Hadron Xtorm Hx3040 Firmware, Nexto Nx3003 and 27 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0. | |||||
CVE-2021-25898 | 1 Void | 1 Aural Rec Monitor | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server. |