Total
1166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18374 | 2 Billion, Zyxel | 6 5200w-t, 5200w-t Firmware, P660hn-t1a V1 and 3 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes. | |||||
CVE-2018-0375 | 1 Cisco | 2 Mobility Services Engine, Policy Suite | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Bug IDs: CSCvh02680. | |||||
CVE-2018-0038 | 1 Juniper | 1 Contrail Service Orchestration | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra. | |||||
CVE-2018-17919 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams. | |||||
CVE-2018-12240 | 1 Symantec | 1 Norton Password Manager | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials. | |||||
CVE-2018-0680 | 1 Neo | 2 Debun Imap, Debun Pop | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration. | |||||
CVE-2018-13819 | 1 Ca | 1 Unified Infrastructure Management | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | |||||
CVE-2018-1887 | 1 Ibm | 1 Security Access Manager | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078. | |||||
CVE-2018-16201 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands. | |||||
CVE-2018-0041 | 1 Juniper | 1 Contrail Service Orchestration | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone. | |||||
CVE-2018-15360 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2024-02-04 | 7.5 HIGH | 7.3 HIGH |
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. | |||||
CVE-2017-12574 | 1 Planex | 2 Cs-w50hd, Cs-w50hd Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted. | |||||
CVE-2018-14324 | 1 Oracle | 1 Glassfish Server | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product. | |||||
CVE-2018-14943 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. | |||||
CVE-2018-16186 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration. | |||||
CVE-2018-15781 | 1 Dell | 1 Wyse Thinlinux | 2024-02-04 | 7.9 HIGH | 8.0 HIGH |
The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text. | |||||
CVE-2018-9073 | 1 Lenovo | 2 Chassis Management Module, Chassis Management Module Firmware | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets. | |||||
CVE-2018-0468 | 1 Cisco | 1 Energy Management Suite | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default access credentials. An attacker could exploit this vulnerability by logging in to the machine where CEMS is installed and establishing a local connection to the database. The fix for this vulnerability randomizes the database access password in new installations; however, the fix will not change the password for existing installations. Users are required to manually change the password, as documented in the Workarounds section of this advisory. There are workarounds that address this vulnerability. | |||||
CVE-2017-12577 | 1 Planex | 3 Cs-qr20, Cs-qr20 Firmware, Smacam Night Vision | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission. | |||||
CVE-2018-0040 | 1 Juniper | 1 Contrail Service Orchestration | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services. |