Total
1177 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15319 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. | |||||
CVE-2020-15321 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. | |||||
CVE-2020-10270 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000. | |||||
CVE-2019-5622 | 1 Accellion | 1 File Transfer Appliance | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials. | |||||
CVE-2019-14309 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders. | |||||
CVE-2018-20432 | 1 Dlink | 4 Covr-2600r, Covr-2600r Firmware, Covr-3902 and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. | |||||
CVE-2020-4208 | 1 Ibm | 1 Spectrum Protect Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975. | |||||
CVE-2020-24574 | 1 Gog | 1 Galaxy | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism. | |||||
CVE-2013-3542 | 1 Grandstream | 26 Gxv3500, Gxv3500 Firmware, Gxv3501 and 23 more | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. | |||||
CVE-2020-8964 | 1 Timetoolsltd | 20 Sc7105, Sc7105 Firmware, Sc9205 and 17 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie." | |||||
CVE-2013-1352 | 1 Veraxsystems | 1 Network Management System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive. | |||||
CVE-2019-10995 | 1 Abb | 16 Cp651, Cp651-web, Cp651-web Firmware and 13 more | 2023-12-10 | 5.8 MEDIUM | 8.8 HIGH |
ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. | |||||
CVE-2019-13543 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. | |||||
CVE-2020-8000 | 1 Intelliantech | 1 Aptus Web | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account. | |||||
CVE-2020-7233 | 1 Kmccontrols | 2 Bac-a1616bc, Bac-a1616bc Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file. | |||||
CVE-2019-19017 | 1 Titanhq | 1 Webtitan | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system. | |||||
CVE-2014-0175 | 3 Debian, Puppet, Redhat | 3 Debian Linux, Marionette Collective, Openshift | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
mcollective has a default password set at install | |||||
CVE-2019-16734 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | |||||
CVE-2019-9533 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. | |||||
CVE-2019-19021 | 1 Titanhq | 1 Webtitan | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account. |