Total: 1166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13543 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. | |||||
CVE-2015-7276 | 1 Technicolor | 4 C2000t, C2000t Firmware, C2100t and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Technicolor C2000T and C2100T use hard-coded cryptographic keys. | |||||
CVE-2016-2357 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | |||||
CVE-2013-6236 | 1 Izoncam | 2 Izon Ip, Izon Ip Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
IZON IP 2.0.2: hard-coded password vulnerability | |||||
CVE-2013-2572 | 1 Tp-link | 8 Tl-sc 3130, Tl-sc 3130 Firmware, Tl-sc 3130g and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files. | |||||
CVE-2019-10995 | 1 Abb | 16 Cp651, Cp651-web, Cp651-web Firmware and 13 more | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. | |||||
CVE-2019-15976 | 1 Cisco | 1 Data Center Network Manager | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2020-3158 | 1 Cisco | 1 Smart Software Manager On-prem | 2024-02-04 | 8.8 HIGH | 9.1 CRITICAL |
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device. | |||||
CVE-2016-2360 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | |||||
CVE-2020-5222 | 1 Apereo | 1 Opencast | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1. | |||||
CVE-2013-1352 | 1 Veraxsystems | 1 Network Management System | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive. | |||||
CVE-2014-9614 | 1 Netsweeper | 1 Netsweeper | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. | |||||
CVE-2012-5686 | 1 Zpanelcp | 1 Zpanel | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
ZPanel 10.0.1 has insufficient entropy for its password reset process. | |||||
CVE-2019-15802 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware. | |||||
CVE-2019-4309 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. | |||||
CVE-2019-18831 | 1 Barco | 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more | 2024-02-04 | 3.5 LOW | 5.3 MEDIUM |
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate. | |||||
CVE-2019-10990 | 1 Redlion | 1 Crimson | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. | |||||
CVE-2020-8000 | 1 Intelliantech | 1 Aptus Web | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account. | |||||
CVE-2020-7233 | 1 Kmccontrols | 2 Bac-a1616bc, Bac-a1616bc Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
KMC Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file. | |||||
CVE-2019-13553 | 2 Carel, Rittal | 2 Pcoweb Firmware, Chiller Sk 3232 | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point. |