Total
192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11966 | 1 Evenroute | 2 Iqrouter, Iqrouter Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time” | |||||
| CVE-2020-11925 | 1 Luvion | 2 Grand Elite 3 Connect, Grand Elite 3 Connect Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model. | |||||
| CVE-2020-11624 | 1 Avertx | 4 Hd438, Hd438 Firmware, Hd838 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change but there's no enforcement. An administrator can click Cancel and proceed to use the device without changing the password. Additionally, they disclose the default username within the login.js script. Since many attacks for IoT devices, including malware and exploits, are based on the usage of default credentials, it makes these cameras an easy target for malicious actors. | |||||
| CVE-2019-9950 | 1 Westerndigital | 18 My Cloud, My Cloud Dl2100, My Cloud Dl2100 Firmware and 15 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file checks credentials against /etc/shadow. However, the "nobody" account (which can be used to access the control panel API as a low-privilege logged-in user) has a default empty password, allowing an attacker to modify the My Cloud EX2 Ultra web page source code and obtain access to the My Cloud as a non-Admin My Cloud device user. | |||||
| CVE-2019-9123 | 1 Dlink | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. | |||||
| CVE-2019-9096 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords. | |||||
| CVE-2019-7676 | 1 Enphase | 1 Envoy | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account. | |||||
| CVE-2019-7674 | 1 Mobotix | 2 S14, S14 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user. | |||||
| CVE-2019-7488 | 1 Sonicwall | 1 Email Security Appliance | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. | |||||
| CVE-2019-6558 | 1 Auto-maskin | 5 Dcu 210e, Dcu 210e Firmware, Marine Pro Observer and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. | |||||
| CVE-2019-4698 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929. | |||||
| CVE-2019-4576 | 2 Ibm, Linux | 2 Qradar Network Packet Capture, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803. | |||||
| CVE-2019-4565 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. | |||||
| CVE-2019-4321 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. | |||||
| CVE-2019-4235 | 1 Ibm | 1 Pureapplication System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417. | |||||
| CVE-2019-4067 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012. | |||||
| CVE-2019-3758 | 1 Rsa | 1 Archer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts. | |||||
| CVE-2019-19747 | 1 Neuvector | 1 Neuvector | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords). | |||||
| CVE-2019-19690 | 2 Google, Trendmicro | 2 Android, Mobile Security | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. | |||||
| CVE-2019-19093 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. | |||||