Total
1166 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-16258 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-02-04 | 5.6 MEDIUM | 7.1 HIGH |
| Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials. | |||||
| CVE-2021-25275 | 1 Solarwinds | 1 Orion Platform | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database. | |||||
| CVE-2020-35338 | 1 Mobileviewpoint | 1 Wireless Multiplex Terminal Playout Server | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon." | |||||
| CVE-2021-27172 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh. | |||||
| CVE-2020-10207 | 1 Amino | 12 Ak45x, Ak45x Firmware, Ak5xx and 9 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings. | |||||
| CVE-2020-27689 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version. | |||||
| CVE-2020-5667 | 1 Wantedlyinc | 1 Studyplus | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | |||||
| CVE-2021-27144 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP. | |||||
| CVE-2020-35929 | 1 Kaspersky | 1 Tinycheck | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data. | |||||
| CVE-2020-11720 | 1 Bilanc | 1 Bilanc | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password. | |||||
| CVE-2019-17098 | 1 August | 3 August Home, Connect Wi-fi Bridge, Connect Wi-fi Bridge Firmware | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions. | |||||
| CVE-2020-4001 | 1 Vmware | 1 Sd-wan Orchestrator | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack. | |||||
| CVE-2021-27166 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon. | |||||
| CVE-2021-27165 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials. | |||||
| CVE-2020-15833 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner. | |||||
| CVE-2021-27142 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions. | |||||
| CVE-2021-27145 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP. | |||||
| CVE-2020-28329 | 1 Barco | 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. | |||||
| CVE-2020-25229 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device. | |||||
| CVE-2021-27160 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP. | |||||