Total
1166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5600 | 1 Netapp | 1 Oncommand Insight | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. | |||||
CVE-2016-8361 | 1 Lynxspring | 1 Jenesys Bas Bridge | 2024-02-04 | 7.5 HIGH | 8.6 HIGH |
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication. | |||||
CVE-2016-8491 | 1 Fortinet | 1 Fortiwlc | 2024-02-04 | 9.4 HIGH | 9.1 CRITICAL |
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. | |||||
CVE-2016-6829 | 2 Barclamp-trove Project, Crowbar-openstack Project | 2 Barclamp-trove, Crowbar-openstack | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2016-10115 | 1 Netgear | 8 Arlo Base Station Firmware, Arlo Q Camera Firmware, Arlo Q Plus Camera Firmware and 5 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration. | |||||
CVE-2016-10125 | 1 Dlink | 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | |||||
CVE-2015-2882 | 1 Philips | 1 In.sight B120\\37 | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. | |||||
CVE-2015-2885 | 1 Lens Laboratories | 2 Peek-a-view, Peek-a-view Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. | |||||
CVE-2015-7246 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | |||||
CVE-2016-2948 | 1 Ibm | 1 Bigfix Remote Control | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | |||||
CVE-2017-5230 | 1 Rapid7 | 1 Nexpose | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk. | |||||
CVE-2017-7574 | 1 Schneider-electric | 3 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware, Somachine | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. | |||||
CVE-2016-10305 | 1 Gotrango | 22 Apex, Apex Firmware, Apex Lynx and 19 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |||||
CVE-2016-1560 | 1 Exagrid | 16 Ex10000e, Ex10000e Firmware, Ex13000e and 13 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. | |||||
CVE-2016-2310 | 1 Ge | 8 Multilink Firmware, Multilink Ml1200, Multilink Ml1600 and 5 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. | |||||
CVE-2016-6535 | 1 Aver | 2 Eh6108h\+, Eh6108h\+ Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session. | |||||
CVE-2016-6532 | 1 Dexis | 1 Imaging Suite | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session. | |||||
CVE-2016-5678 | 1 Nuuo | 2 Nvrmini 2, Nvrsolo | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | |||||
CVE-2016-5333 | 1 Vmware | 1 Photon Os | 2024-02-04 | 9.3 HIGH | 9.8 CRITICAL |
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | |||||
CVE-2016-5081 | 1 Zmodo | 2 Zp-ibh-13w, Zp-ne-14-s | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session. |