Vulnerabilities (CVE)

Filtered by CWE-1391
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-43698 2024-10-23 N/A 9.8 CRITICAL
Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.
CVE-2024-45272 2 Helmholz, Mbconnectline 23 Myrex24 V2 Virtual Server, Rex 200, Rex 200 Firmware and 20 more 2024-10-17 N/A 7.5 HIGH
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
CVE-2024-42027 2024-10-07 N/A 6.7 MEDIUM
The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.
CVE-2024-7558 2024-10-04 N/A 8.7 HIGH
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.
CVE-2023-0635 1 Abb 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more 2024-09-19 N/A 9.8 CRITICAL
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01.
CVE-2024-40892 2024-08-21 N/A 7.1 HIGH
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely).
CVE-2024-28066 2024-08-15 N/A 8.8 HIGH
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
CVE-2024-5634 2024-08-01 N/A N/A
Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy.  Additionally, every camera with the same firmware version shares the same password.
CVE-2024-42051 2024-08-01 N/A 7.8 HIGH
The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg.
CVE-2024-33849 2024-08-01 N/A 6.5 MEDIUM
ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key.
CVE-2024-32759 2024-07-11 N/A N/A
Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials.