Total: 1166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-14474 | 1 Cellebrite | 2 Ufed, Ufed Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data. | |||||
CVE-2020-15314 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. | |||||
CVE-2020-15312 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. | |||||
CVE-2020-12110 | 1 Tp-link | 14 Nc200, Nc200 Firmware, Nc210 and 11 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. | |||||
CVE-2019-19108 | 1 Br-automation | 2 Automation Runtime, Automation Studio | 2024-02-04 | 7.5 HIGH | 9.4 CRITICAL |
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP. | |||||
CVE-2020-4190 | 1 Ibm | 1 Security Guardium | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851. | |||||
CVE-2020-7501 | 1 Schneider-electric | 1 Vijeo Designer | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer. | |||||
CVE-2020-11549 | 1 Netgear | 6 Rbs50y, Rbs50y Firmware, Srr60 and 3 more | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system. | |||||
CVE-2020-3318 | 1 Cisco | 1 Firepower Management Center | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2020-3301 | 1 Cisco | 1 Firepower Management Center | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2020-3330 | 1 Cisco | 2 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device. | |||||
CVE-2018-20432 | 1 Dlink | 4 Covr-2600r, Covr-2600r Firmware, Covr-3902 and 1 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. | |||||
CVE-2019-4327 | 1 Hcltech | 1 Appscan | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files. | |||||
CVE-2020-12045 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded credentials. | |||||
CVE-2020-10270 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well-known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborate attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000. | |||||
CVE-2018-21137 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. | |||||
CVE-2020-12035 | 1 Baxter | 4 Prismaflex, Prismaflex Firmware, Prismax and 1 more | 2024-02-04 | 3.6 LOW | 4.9 MEDIUM |
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: the PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration. | |||||
CVE-2020-10988 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. | |||||
CVE-2020-5248 | 1 Glpi-project | 1 Glpi | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data must be reencrypted with the new key. The problem is that we cannot know which columns or rows in the database are using it, especially from plugins. Changing the key without updating data would result in a bad password being sent from GLPI, but storing them again from the UI will work. | |||||
CVE-2019-14309 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcoded within the printer firmware. This would allow an attacker to access and read information stored on the shared FTP folders. |