Total
1273 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-11681 | 1 Lutron | 6 Homeworks Qs, Homeworks Qs Firmware, Radiora 2 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine | |||||
CVE-2018-11629 | 1 Lutron | 6 Homeworks Qs, Homeworks Qs Firmware, Radiora 2 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine | |||||
CVE-2018-11482 | 1 Tp-link | 8 Ipc Tl-ipc223\(p\)-6, Ipc Tl-ipc223\(p\)-6 Firmware, Tl-ipc323k-d and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. | |||||
CVE-2018-11311 | 1 Myscada | 1 Mypro | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. | |||||
CVE-2018-11094 | 1 Intelbras | 2 Ncloud 300, Ncloud 300 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved. | |||||
CVE-2018-10966 | 1 Gamerpolls | 1 Gamerpolls | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret. | |||||
CVE-2018-10813 | 1 Aprendecondedos | 1 Dedos-web | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation. | |||||
CVE-2018-10723 | 1 Rangerstudio | 1 Directus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql. | |||||
CVE-2018-10575 | 1 Watchguard | 6 Ap100, Ap100 Firmware, Ap102 and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false. | |||||
CVE-2018-10328 | 1 Momentum | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-11-21 | 3.3 LOW | 7.4 HIGH |
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream. | |||||
CVE-2018-10167 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows. | |||||
CVE-2018-0329 | 1 Cisco | 1 Wide Area Application Services | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration ('running-config') or the startup configuration ('startup-config'). Cisco Bug IDs: CSCvi40137. | |||||
CVE-2018-0222 | 1 Cisco | 1 Digital Network Architecture Center | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges. This vulnerability affects all releases of Cisco DNA Center Software prior to Release 1.1.3. Cisco Bug IDs: CSCvh98929. | |||||
CVE-2018-0150 | 1 Cisco | 3 4431 Integrated Services Router, 4451 Integrated Services Router, Ios Xe | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880. | |||||
CVE-2018-0141 | 1 Cisco | 3 Prime Collaboration, Prime Collaboration Assurance, Prime Collaboration Provisioning | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982. | |||||
CVE-2017-9957 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials. | |||||
CVE-2017-9956 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass | |||||
CVE-2017-9932 | 1 Greenpacket | 2 Dx-350, Dx-350 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. | |||||
CVE-2017-9852 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | |||||
CVE-2017-9656 | 1 Philips | 1 Dosewise | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. |