Total
725 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2331 | 1 Systech | 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2016-5848 | 1 Siemens | 1 Sicam Pas\/pqs | 2023-12-10 | 1.7 LOW | 6.7 MEDIUM |
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. | |||||
CVE-2016-2203 | 1 Symantec | 1 Messaging Gateway | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. | |||||
CVE-2015-6016 | 1 Zyxel | 4 Nbg-418n, P-660hw-t1 2, Pmg5318-b20a Firmware and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. | |||||
CVE-2016-2283 | 1 Moxa | 16 Ioadmin Firmware, Iologic E2210, Iologic E2210-t and 13 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | |||||
CVE-2015-6336 | 1 Cisco | 5 Aironet 1830e, Aironet 1830i, Aironet 1850e and 2 more | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062. | |||||
CVE-2015-6743 | 1 Basware | 1 Banking | 2023-12-10 | 6.5 MEDIUM | N/A |
Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. | |||||
CVE-2007-6757 | 1 Gehealthcare | 1 Centricity Dms Firmware | 2023-12-10 | 10.0 HIGH | N/A |
GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | |||||
CVE-2016-1341 | 1 Cisco | 1 Nx-os | 2023-12-10 | 6.9 MEDIUM | 9.8 CRITICAL |
Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079. | |||||
CVE-2010-5307 | 1 Gehealthcare | 1 Optima Mr360 Firmware | 2023-12-10 | 10.0 HIGH | N/A |
The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. | |||||
CVE-2015-8362 | 1 Harman | 1 Amx Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984. | |||||
CVE-2015-3957 | 1 Hospira | 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware | 2023-12-10 | 4.6 MEDIUM | N/A |
Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. | |||||
CVE-2015-7280 | 1 Readynet Solutions | 2 Wrt300n-dd, Wrt300n-dd Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | |||||
CVE-2015-7856 | 1 Opennms | 1 Opennms | 2023-12-10 | 10.0 HIGH | N/A |
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | |||||
CVE-2016-0865 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||||
CVE-2015-1950 | 1 Ibm | 1 Powervc | 2023-12-10 | 4.6 MEDIUM | N/A |
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code. | |||||
CVE-2016-2282 | 1 Moxa | 16 Ioadmin Firmware, Iologik E2210, Iologik E2210-t and 13 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | |||||
CVE-2009-5149 | 1 Arris | 4 Dg860a, Na Model 862 Gw Mono Firmware, Tg862a and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue. | |||||
CVE-2012-6693 | 1 Gehealthcare | 1 Centricity Pacs Server | 2023-12-10 | 10.0 HIGH | N/A |
GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. | |||||
CVE-2015-7277 | 1 Ampedwireless | 2 R10000, R10000 Firmware | 2023-12-10 | 9.3 HIGH | 9.8 CRITICAL |
The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. |