Total
1109 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5768 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. | |||||
| CVE-2018-10723 | 1 Rangerstudio | 1 Directus | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql. | |||||
| CVE-2017-11632 | 1 - | 1 Wireless Ip Camera 360 | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session. | |||||
| CVE-2018-5797 | 1 Extremenetworks | 1 Extremewireless Wing | 2024-02-04 | 3.3 LOW | 7.5 HIGH |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port. | |||||
| CVE-2017-14002 | 1 Ge | 2 Infinia Hawkeye 4, Infinia Hawkeye 4 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||
| CVE-2016-3953 | 1 Web2py | 1 Web2py | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function. | |||||
| CVE-2017-14014 | 1 Bostonscientific | 2 Zoom Latitude Prm 3120, Zoom Latitude Prm 3120 Firmware | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. | |||||
| CVE-2018-12526 | 1 Telesquare | 4 Sdt-cs3b1, Sdt-cs3b1 Firmware, Sdt-cw3b1 and 1 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account. | |||||
| CVE-2018-12323 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-02-04 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console. | |||||
| CVE-2018-7229 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials. | |||||
| CVE-2018-11635 | 1 Dialogic | 1 Powermedia Xms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication. | |||||
| CVE-2018-8857 | 1 Philips | 8 Brilliance Ct Big Bore, Brilliance Ct Big Bore Firmware, Brilliance 64 and 5 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system. | |||||
| CVE-2014-6617 | 1 Industrial.softing | 2 Fg-100 Pb Profibus, Fg-100 Pb Profibus Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | |||||
| CVE-2018-10167 | 1 Tp-link | 1 Eap Controller | 2024-02-04 | 6.0 MEDIUM | 7.5 HIGH |
| The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2018-9149 | 1 Zyxel | 2 Ac3000, Ac3000 Firmware | 2024-02-04 | 7.2 HIGH | 6.8 MEDIUM |
| The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker can start the device's TELNET service as a backdoor. | |||||
| CVE-2016-0235 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-02-04 | 7.2 HIGH | 8.2 HIGH |
| IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326. | |||||
| CVE-2014-8579 | 1 Trendnet | 2 Tew-823dru, Tew-823dru Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session. | |||||
| CVE-2017-9956 | 1 Schneider-electric | 1 U.motion Builder | 2024-02-04 | 7.5 HIGH | 7.3 HIGH |
| An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass | |||||
| CVE-2018-5723 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account. | |||||
| CVE-2017-4976 | 1 Emc | 1 Esrs Policy Manager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server. | |||||