Total
1101 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10125 | 1 Dlink | 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | |||||
CVE-2015-2882 | 1 Philips | 1 In.sight B120\\37 | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. | |||||
CVE-2015-2885 | 1 Lens Laboratories | 2 Peek-a-view, Peek-a-view Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. | |||||
CVE-2015-7246 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | |||||
CVE-2016-2948 | 1 Ibm | 1 Bigfix Remote Control | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | |||||
CVE-2017-5230 | 1 Rapid7 | 1 Nexpose | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk. | |||||
CVE-2017-7574 | 1 Schneider-electric | 3 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware, Somachine | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. | |||||
CVE-2016-10305 | 1 Gotrango | 22 Apex, Apex Firmware, Apex Lynx and 19 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |||||
CVE-2016-1560 | 1 Exagrid | 16 Ex10000e, Ex10000e Firmware, Ex13000e and 13 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. | |||||
CVE-2016-2310 | 1 Ge | 8 Multilink Firmware, Multilink Ml1200, Multilink Ml1600 and 5 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. | |||||
CVE-2016-6535 | 1 Aver | 2 Eh6108h\+, Eh6108h\+ Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session. | |||||
CVE-2016-6532 | 1 Dexis | 1 Imaging Suite | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session. | |||||
CVE-2016-5678 | 1 Nuuo | 2 Nvrmini 2, Nvrsolo | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | |||||
CVE-2016-5333 | 1 Vmware | 1 Photon Os | 2024-02-04 | 9.3 HIGH | 9.8 CRITICAL |
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | |||||
CVE-2016-5081 | 1 Zmodo | 2 Zp-ibh-13w, Zp-ne-14-s | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session. | |||||
CVE-2016-6530 | 1 Dentsply Sirona | 1 Cdr Dicom | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords. | |||||
CVE-2016-7560 | 1 Fortinet | 1 Fortiwlc | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||
CVE-2012-4712 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2024-02-04 | 5.0 MEDIUM | N/A |
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. | |||||
CVE-2007-1063 | 1 Cisco | 12 Unified Ip Phone 7906g, Unified Ip Phone 7911g, Unified Ip Phone 7941g and 9 more | 2024-02-04 | 10.0 HIGH | N/A |
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. | |||||
CVE-2006-7074 | 1 Smartsitecms | 1 Smartsitecms | 2024-02-04 | 7.5 HIGH | N/A |
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie. |