Vulnerabilities (CVE)

Filtered by CWE-798
Total 1273 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18008 1 Dlink 14 Dir-140l, Dir-140l Firmware, Dir-640l and 11 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.
CVE-2018-18007 1 Dlink 2 Dsl-2770l, Dsl-2770l Firmware 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.
CVE-2018-18006 1 Ricoh 1 Myprint 2024-11-21 7.5 HIGH 9.8 CRITICAL
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.
CVE-2018-17919 1 Xiongmaitech 1 Xmeye P2p Cloud Server 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams.
CVE-2018-17896 1 Yokogawa 8 Fcj, Fcj Firmware, Fcn-100 and 5 more 2024-11-21 9.3 HIGH 8.1 HIGH
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
CVE-2018-17894 1 Nuuo 1 Nuuo Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access.
CVE-2018-17492 1 Hidglobal 1 Easylobby Solo 2024-11-21 2.1 LOW 8.4 HIGH
EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
CVE-2018-17217 1 Ptc 1 Thingworx Platform 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key.
CVE-2018-16957 1 Oracle 1 Webcenter Interaction 2024-11-21 10.0 HIGH 9.8 CRITICAL
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network could perform search queries to extract large quantities of sensitive information from the WCI installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.
CVE-2018-16546 1 Amcrest 1 Amcrest Ipc-hx1x3x-lexus Eng N Amcrest 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206.
CVE-2018-16201 1 Toshiba 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more 2024-11-21 8.3 HIGH 8.8 HIGH
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.
CVE-2018-16186 1 Ricoh 16 D2200, D2200 Firmware, D5500 and 13 more 2024-11-21 8.3 HIGH 8.8 HIGH
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration.
CVE-2018-16158 1 Eaton 6 Power Xpert Meter 4000, Power Xpert Meter 4000 Firmware, Power Xpert Meter 6000 and 3 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
CVE-2018-15808 1 Posim 1 Evo 2024-11-21 10.0 HIGH 9.8 CRITICAL
POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients.
CVE-2018-15781 1 Dell 1 Wyse Thinlinux 2024-11-21 7.9 HIGH 7.9 HIGH
The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text.
CVE-2018-15753 1 Mensamax 1 Mensamax 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password.
CVE-2018-15720 1 Logitech 2 Harmony Hub, Harmony Hub Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.
CVE-2018-15491 1 Zemana 1 Antilogger 2024-11-21 5.0 MEDIUM 7.5 HIGH
A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes).
CVE-2018-15439 1 Cisco 228 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 225 more 2024-11-21 9.3 HIGH 9.8 CRITICAL
A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.
CVE-2018-15427 1 Cisco 2 Connected Safety And Security Ucs C220, Video Surveillance Manager 2024-11-21 10.0 HIGH 9.8 CRITICAL
A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.