Total: 1166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19021 | 1 Titanhq | 1 Webtitan | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account. | |||||
CVE-2019-15015 | 1 Zingbox | 1 Inspector | 2024-02-04 | 7.2 HIGH | 8.4 HIGH |
In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. | |||||
CVE-2013-3619 | 2 Citrix, Supermicro | 10 Netscaler, Netscaler Firmware, Netscaler Sd-wan and 7 more | 2024-02-04 | 4.3 MEDIUM | 8.1 HIGH |
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain hardcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon. | |||||
CVE-2019-15975 | 1 Cisco | 1 Data Center Network Manager | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2019-19033 | 1 Jalios | 1 Jcms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password. | |||||
CVE-2020-6963 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2024-02-04 | 10.0 HIGH | 10.0 CRITICAL |
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code. | |||||
CVE-2019-19492 | 1 Freeswitch | 1 Freeswitch | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. | |||||
CVE-2019-5137 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. | |||||
CVE-2020-8657 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token. | |||||
CVE-2020-7999 | 1 Intelliantech | 1 Aptus | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY. | |||||
CVE-2013-6362 | 1 Xerox | 24 Colorqube 9201, Colorqube 9201 Firmware, Colorqube 9202 and 21 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Xerox ColorQube and WorkCentre devices in 2013 had hardcoded FTP and shell user accounts. | |||||
CVE-2012-6611 | 1 Polycom | 12 Hdx 4002, Hdx 4500, Hdx 6000 and 9 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password. | |||||
CVE-2019-13658 | 1 Broadcom | 1 Network Flow Analysis | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | |||||
CVE-2019-15977 | 1 Cisco | 1 Data Center Network Manager | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2013-1603 | 1 Dlink | 34 Dcs-1100, Dcs-1100 Firmware, Dcs-1100l and 31 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream. | |||||
CVE-2020-4283 | 1 Ibm | 1 Security Information Queue | 2024-02-04 | 5.0 MEDIUM | 8.6 HIGH |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 176206. | |||||
CVE-2019-14837 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
A flaw was found in Keycloak before version 8.0.0. The owner of the 'placeholder.org' domain can set up a mail server on this domain and, knowing only the name of a client, can reset the password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'. | |||||
CVE-2020-8964 | 1 Timetoolsltd | 20 Sc7105, Sc7105 Firmware, Sc9205 and 17 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie." | |||||
CVE-2019-9533 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. | |||||
CVE-2013-3542 | 1 Grandstream | 26 Gxv3500, Gxv3500 Firmware, Gxv3501 and 23 more | 2024-02-04 | 10.0 HIGH | 10.0 CRITICAL |
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. |