Total
1166 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33540 | 1 Phoenixcontact | 36 Axl F Bk Eip, Axl F Bk Eip Ef, Axl F Bk Eip Ef Firmware and 33 more | 2024-02-04 | 7.5 HIGH | 7.3 HIGH |
| In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists. | |||||
| CVE-2020-12376 | 1 Intel | 48 Bmc Firmware, Hns2600bpb, Hns2600bpb24 and 45 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-27169 | 1 Fiberhome | 2 An5506-04-fa, An5506-04-fa Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account. | |||||
| CVE-2021-27150 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP. | |||||
| CVE-2020-25173 | 1 Reolink | 14 Rlc-410, Rlc-410 Firmware, Rlc-422 and 11 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access | |||||
| CVE-2021-27155 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP. | |||||
| CVE-2021-27153 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP. | |||||
| CVE-2021-27154 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP. | |||||
| CVE-2020-27278 | 1 Hamilton-medical | 2 Hamilton-t1, Hamilton-t1 Firmware | 2024-02-04 | 3.6 LOW | 5.2 MEDIUM |
| In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface. | |||||
| CVE-2020-26879 | 1 Commscope | 2 Ruckus Iot Module, Ruckus Vriot | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header. | |||||
| CVE-2021-27148 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP. | |||||
| CVE-2021-27152 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP. | |||||
| CVE-2021-27149 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP. | |||||
| CVE-2020-13963 | 1 Soplanning | 1 Soplanning | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account). | |||||
| CVE-2021-20442 | 2 Ibm, Microsoft | 2 Security Verify Bridge, Windows | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618. | |||||
| CVE-2020-29061 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account. | |||||
| CVE-2020-13858 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations. | |||||
| CVE-2020-35567 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances. | |||||
| CVE-2020-29377 | 1 Vsolcn | 2 V1600d, V1600d Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the the remote attacker. If it matches, access is provided. | |||||
| CVE-2021-1219 | 1 Cisco | 1 Smart Software Manager On-prem | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by gaining access to the static credential that is stored on the local device. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. | |||||