Total
1380 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8224 | 1 Wificam | 2 Wireless Ip Camera \(p2p\), Wireless Ip Camera \(p2p\) Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. | |||||
| CVE-2017-6054 | 1 Hyundaiusa | 1 Blue Link | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information. | |||||
| CVE-2017-17107 | 1 Zivif | 2 Pr115-204-p-rs, Pr115-204-p-rs Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session. | |||||
| CVE-2015-2867 | 1 Trane | 1 Comfortlink Ii Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. | |||||
| CVE-2015-2881 | 1 Gynoii | 3 Gcw-1010, Gcw-1020, Gpw-1025 | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. | |||||
| CVE-2017-7648 | 1 Foscam | 12 C1, C1 Lite, C2 and 9 more | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | |||||
| CVE-2017-9132 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface. | |||||
| CVE-2017-2236 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges. | |||||
| CVE-2017-7927 | 1 Dahuasecurity | 30 Ddh-hcvr4xxx, Dh-hcvr4xxx Firmware, Dh-hcvr5xxx and 27 more | 2025-04-20 | 7.5 HIGH | 7.3 HIGH |
| A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password. | |||||
| CVE-2016-9358 | 1 Marel | 44 A320, A320 Firmware, A325 and 41 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords. | |||||
| CVE-2017-11693 | 1 Medhost | 1 Medhost Document Management System | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. PostgreSQL is used as the Document Management System database. The account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for PostgreSQL has access to the database schema for Document Management System. | |||||
| CVE-2016-0726 | 1 Nagios | 1 Nagios | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | |||||
| CVE-2017-12317 | 1 Cisco | 1 Advanced Malware Protection | 2025-04-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904. | |||||
| CVE-2017-6558 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. | |||||
| CVE-2017-12350 | 1 Cisco | 1 Umbrella Insights Virtual Appliance | 2025-04-20 | 7.2 HIGH | 8.2 HIGH |
| A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220. | |||||
| CVE-2016-8954 | 1 Ibm | 1 Dashdb Local | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. | |||||
| CVE-2017-8011 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system. | |||||
| CVE-2016-10308 | 1 Siklu | 7 Etherhaul-5500fd, Etherhaul 500tx, Etherhaul 60ghz V-band Radio and 4 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. | |||||
| CVE-2016-10306 | 1 Trango | 4 A600-19-us, A600-25-us, A600-ext-us and 1 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |||||
| CVE-2017-2283 | 1 Iodata | 2 Wn-g300r3, Wn-g300r3 Firmware | 2025-04-20 | 5.8 MEDIUM | 8.0 HIGH |
| WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | |||||