Total
1166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15321 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. | |||||
CVE-2020-13166 | 1 Mylittletools | 1 Mylittleadmin | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code. | |||||
CVE-2020-9279 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device. | |||||
CVE-2020-14510 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. | |||||
CVE-2020-7352 | 1 Gog | 1 Galaxy | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software. | |||||
CVE-2020-12012 | 1 Baxter | 4 Em1200, Em1200 Firmware, Em2400 and 1 more | 2024-02-04 | 3.6 LOW | 6.1 MEDIUM |
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI. | |||||
CVE-2018-17767 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-02-04 | 7.2 HIGH | 6.8 MEDIUM |
Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
CVE-2020-14070 | 1 Mk-auth | 1 Mk-auth | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access. | |||||
CVE-2020-15322 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. | |||||
CVE-2020-4385 | 1 Ibm | 1 Verify Gateway | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266. | |||||
CVE-2020-15324 | 1 Zyxel | 1 Cloud Cnm Secumanager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. | |||||
CVE-2020-3446 | 1 Cisco | 10 Csp 5228-w, Csp 5228-w Firmware, Csp 5436-w and 7 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges. | |||||
CVE-2020-24876 | 1 Pancakeapp | 1 Pancake | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation. | |||||
CVE-2018-6446 | 1 Broadcom | 1 Brocade Network Advisor | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. | |||||
CVE-2020-10269 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000. | |||||
CVE-2018-17771 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-02-04 | 7.2 HIGH | 6.6 MEDIUM |
Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
CVE-2020-16170 | 1 Robotemi | 1 Temi | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors. | |||||
CVE-2020-11951 | 1 Rittal | 9 Cmc Iii Pu 7030.000, Cmc Iii Pu 7030.000 Firmware, Cmciii-pu-9333e0fb and 6 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a Backdoor root account. | |||||
CVE-2020-6265 | 1 Sap | 2 Commerce, Commerce Data Hub | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials. | |||||
CVE-2020-12789 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. |