Total
1450 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-40119 | 1 Cisco | 1 Policy Suite | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user. | |||||
CVE-2021-3565 | 3 Fedoraproject, Redhat, Tpm2-tools Project | 3 Fedora, Enterprise Linux, Tpm2-tools | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2021-39615 | 1 Dlink | 2 Dsr-500n, Dsr-500n Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2021-39614 | 1 Dlink | 2 Dvx-2000ms, Dvx-2000ms Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. | |||||
CVE-2021-39613 | 1 Dlink | 2 Dvg-3104ms, Dvg-3104ms Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2021-39245 | 1 Altus | 30 Hadron Xtorm Hx3040, Hadron Xtorm Hx3040 Firmware, Nexto Nx3003 and 27 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0. | |||||
CVE-2021-38969 | 1 Ibm | 1 Spectrum Virtualize | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609. | |||||
CVE-2021-38461 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries. | |||||
CVE-2021-38456 | 1 Moxa | 1 Mxview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords | |||||
CVE-2021-37555 | 1 Trixie | 2 Tx9 Automatic Food Dispenser, Tx9 Automatic Food Dispenser Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc). | |||||
CVE-2021-37163 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded. | |||||
CVE-2021-36799 | 1 Knx | 1 Engineering Tool Software 5 | 2024-11-21 | 2.1 LOW | 8.8 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2021-36234 | 1 Unit4 | 1 Mik.starlight | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors. | |||||
CVE-2021-36224 | 1 Westerndigital | 2 My Cloud Os, My Cloud Pr4100 | 2024-11-21 | N/A | 9.8 CRITICAL |
Western Digital My Cloud devices before OS5 have a nobody account with a blank password. | |||||
CVE-2021-35961 | 1 Secom | 1 Dr.id Access Control | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission. | |||||
CVE-2021-35232 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 3.6 LOW | 6.8 MEDIUM |
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. | |||||
CVE-2021-34812 | 1 Synology | 1 Calendar | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2021-34757 | 1 Cisco | 32 Business 220-16p-2g, Business 220-16p-2g Firmware, Business 220-16t-2g and 29 more | 2024-11-21 | 3.6 LOW | 4.9 MEDIUM |
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-34744 | 1 Cisco | 32 Business 220-16p-2g, Business 220-16p-2g Firmware, Business 220-16t-2g and 29 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-34688 | 2 Idrive, Microsoft | 2 Remotepc, Windows | 2024-11-21 | 2.1 LOW | 3.3 LOW |
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker. |