Total
725 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7283 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | |||||
CVE-2015-7280 | 1 Readynet Solutions | 2 Wrt300n-dd, Wrt300n-dd Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | |||||
CVE-2015-7277 | 1 Ampedwireless | 2 R10000, R10000 Firmware | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | |||||
CVE-2015-7261 | 1 Qnap | 2 Iartist Lite, Signage Station | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21. | |||||
CVE-2015-7259 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. | |||||
CVE-2015-7258 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | |||||
CVE-2015-7251 | 1 Zte | 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | |||||
CVE-2015-6846 | 1 Emc | 1 Sourceone Email Supervisor | 2024-11-21 | 6.8 MEDIUM | N/A |
EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations. | |||||
CVE-2015-6743 | 1 Basware | 1 Banking | 2024-11-21 | 6.5 MEDIUM | N/A |
Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. | |||||
CVE-2015-6742 | 1 Basware | 1 Banking | 2024-11-21 | 6.5 MEDIUM | N/A |
Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. | |||||
CVE-2015-6524 | 2 Apache, Fedoraproject | 2 Activemq, Fedora | 2024-11-21 | 5.0 MEDIUM | N/A |
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. | |||||
CVE-2015-6472 | 1 Wago | 6 750-849, 750-849 Firmware, 750-881 and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. | |||||
CVE-2015-6424 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2024-11-21 | 7.2 HIGH | N/A |
The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985. | |||||
CVE-2015-6412 | 1 Cisco | 2 Modular Encoding Platform D9036, Modular Encoding Platform D9036 Software | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070. | |||||
CVE-2015-6336 | 1 Cisco | 5 Aironet 1830e, Aironet 1830i, Aironet 1850e and 2 more | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062. | |||||
CVE-2015-6316 | 1 Cisco | 1 Mobility Services Engine | 2024-11-21 | 6.5 MEDIUM | N/A |
The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501. | |||||
CVE-2015-6095 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8 and 4 more | 2024-11-21 | 4.9 MEDIUM | N/A |
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles password changes, which allows physically proximate attackers to bypass authentication, and conduct decryption attacks against certain BitLocker configurations, by connecting to an unintended Key Distribution Center (KDC), aka "Windows Kerberos Security Feature Bypass." | |||||
CVE-2015-6032 | 1 Qolsys | 1 Iq Panel | 2024-11-21 | 9.3 HIGH | N/A |
Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation. | |||||
CVE-2015-6016 | 1 Zyxel | 4 Nbg-418n, P-660hw-t1 2, Pmg5318-b20a Firmware and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. | |||||
CVE-2015-5994 | 1 Mediabridge | 2 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware | 2024-11-21 | 7.9 HIGH | 6.8 MEDIUM |
The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session. |