Total: 1153 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8361 | 1 Lynxspring | 1 Jenesys Bas Bridge | 2023-12-10 | 7.5 HIGH | 8.6 HIGH |
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication. | |||||
CVE-2017-6558 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. | |||||
CVE-2016-10306 | 1 Trango | 4 A600-19-us, A600-25-us, A600-ext-us and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |||||
CVE-2015-2882 | 1 Philips | 1 In.sight B120/37 | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. | |||||
CVE-2017-6403 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. | |||||
CVE-2016-10177 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. | |||||
CVE-2017-9132 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface. | |||||
CVE-2017-7576 | 1 Dragonwavex | 2 Horizon Wireless Radio, Horizon Wireless Radio Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in recent versions including 1.4.8. | |||||
CVE-2015-2885 | 1 Lens Laboratories | 2 Peek-a-view, Peek-a-view Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. | |||||
CVE-2017-8077 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
CVE-2017-7574 | 1 Schneider-electric | 3 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware, Somachine | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. | |||||
CVE-2016-8954 | 1 Ibm | 1 Dashdb Local | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. | |||||
CVE-2016-10125 | 1 Dlink | 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | |||||
CVE-2017-5167 | 1 Binom3 | 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware | 2023-12-10 | 7.5 HIGH | 8.6 HIGH |
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords. | |||||
CVE-2017-6054 | 1 Hyundaiusa | 1 Blue Link | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information. | |||||
CVE-2016-10307 | 1 Gotrango | 10 Apex Lynx, Apex Lynx Firmware, Apex Orion and 7 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |||||
CVE-2016-5818 | 1 Schneider-electric | 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. | |||||
CVE-2016-10305 | 1 Gotrango | 22 Apex, Apex Firmware, Apex Lynx and 19 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |||||
CVE-2015-2887 | 1 Ibaby | 2 M3s Baby Monitor, M3s Baby Monitor Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
iBaby M3S has a password of admin for the backdoor admin account. | |||||
CVE-2016-8491 | 1 Fortinet | 1 Fortiwlc | 2023-12-10 | 9.4 HIGH | 9.1 CRITICAL |
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. |