Vulnerabilities (CVE)

Filtered by CWE-1392
Total 20 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-7898 1 Tosei-corporation 1 Online Store Management System 2024-11-21 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-6535 1 Redhat 1 Service Interconnect 2024-11-21 N/A 5.3 MEDIUM
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.
CVE-2024-5632 2024-11-21 N/A N/A
Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged.
CVE-2024-5245 2024-11-21 N/A 7.8 HIGH
NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755.
CVE-2024-4622 2024-11-21 N/A N/A
If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator.
CVE-2024-4007 2024-11-21 N/A 8.8 HIGH
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.
CVE-2024-31069 2024-11-21 N/A 7.4 HIGH
IO-1020 Micro ELD web server uses a default password for authentication.
CVE-2024-30210 2024-11-21 N/A 7.4 HIGH
IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.
CVE-2024-29844 2024-11-21 N/A 9.8 CRITICAL
Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.
CVE-2024-28093 2024-11-21 N/A 8.8 HIGH
The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account.
CVE-2024-27158 2024-11-21 N/A 7.4 HIGH
All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL.
CVE-2023-49621 1 Siemens 1 Simatic Cn 4100 2024-11-21 N/A 9.8 CRITICAL
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.
CVE-2023-43844 2024-11-21 N/A 8.0 HIGH
Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the web interface and gain administrator privileges.
CVE-2023-40704 1 Philips 1 Vue Pacs 2024-11-21 N/A 7.1 HIGH
Philips Vue PACS uses default credentials for potentially critical functionality.
CVE-2023-3703 1 Proscend 40 A510-f1, A510-f1 Firmware, A510-l1 and 37 more 2024-11-21 N/A 10.0 CRITICAL
Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials
CVE-2023-30603 1 Hitrontech 2 Coda-5310, Coda-5310 Firmware 2024-11-21 N/A 9.8 CRITICAL
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service.
CVE-2024-6245 2024-11-07 N/A 7.4 HIGH
Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay: 66T0.05.50.
CVE-2024-39747 3 Ibm, Linux, Microsoft 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more 2024-09-16 N/A 9.8 CRITICAL
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
CVE-2024-39584 2024-08-28 N/A 8.2 HIGH
Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.
CVE-2024-7746 1 Traccar 1 Traccar 2024-08-22 N/A 9.8 CRITICAL
Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism.  These transactions could have an impact on any sensitive aspect of the platform, including Confidentiality, Integrity and Availability.