Total
1159 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-14070 | 1 Mk-auth | 1 Mk-auth | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access. | |||||
CVE-2020-5374 | 1 Dell | 2 Emc Omimssc For Sccm, Emc Omimssc For Scvmm | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices. | |||||
CVE-2020-11543 | 1 Opsramp | 1 Gateway | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0 where an administrator and a system user accounts are the only available user accounts for the gateway appliance. | |||||
CVE-2020-9289 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. | |||||
CVE-2019-4327 | 1 Hcltech | 1 Appscan | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | |||||
CVE-2018-6446 | 1 Broadcom | 1 Brocade Network Advisor | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. | |||||
CVE-2019-20656 | 1 Netgear | 30 D6200, D6200 Firmware, D7000 and 27 more | 2023-12-10 | 3.3 LOW | 8.8 HIGH |
Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62. | |||||
CVE-2020-3318 | 1 Cisco | 1 Firepower Management Center | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2020-10988 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. | |||||
CVE-2018-17767 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
CVE-2020-11723 | 1 Cellebrite | 2 Ufed, Ufed Firmware | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction. | |||||
CVE-2020-12789 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. | |||||
CVE-2020-10884 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2023-12-10 | 5.8 MEDIUM | 8.8 HIGH |
This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652. | |||||
CVE-2020-7501 | 1 Schneider-electric | 1 Vijeo Designer | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer. | |||||
CVE-2020-13804 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. | |||||
CVE-2020-6985 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. | |||||
CVE-2020-7352 | 1 Gog | 1 Galaxy | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software. | |||||
CVE-2020-4177 | 1 Ibm | 1 Security Guardium | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732. | |||||
CVE-2020-5248 | 1 Glpi-project | 1 Glpi | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data must be reencrypted with the new key. Problem is we can not know which columns or rows in the database are using that; espcially from plugins. Changing the key without updating data would lend in bad password sent from glpi; but storing them again from the UI will work. | |||||
CVE-2020-11878 | 1 Jitsi | 1 Meet | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts. |