Total
1280 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10206 | 1 Amino | 12 Ak45x, Ak45x Firmware, Ak5xx and 9 more | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device. | |||||
| CVE-2020-0016 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413483 | |||||
| CVE-2019-9975 | 1 Dasannetworks | 2 H660rm, H660rm Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key. | |||||
| CVE-2019-9533 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. | |||||
| CVE-2019-9493 | 1 Mycarcontrols | 1 Mycar Controls | 2024-11-21 | 10.0 HIGH | 6.5 MEDIUM |
| The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia. | |||||
| CVE-2019-9229 | 1 Audiocodes | 8 Median 500-msbr, Median 500-msbr Firmware, Median 500l-msbr and 5 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions. | |||||
| CVE-2019-9160 | 1 Xinruidz | 2 Sundray Wan Controller, Sundray Wan Controller Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string). | |||||
| CVE-2019-8950 | 1 Dasannetworks | 2 H665, H665 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET. | |||||
| CVE-2019-8352 | 1 Bmc | 1 Patrol Agent | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network. | |||||
| CVE-2019-7672 | 1 Primasystems | 1 Flexair | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges. | |||||
| CVE-2019-7594 | 1 Johnsoncontrols | 1 Metasys System | 2024-11-21 | 6.4 MEDIUM | 6.8 MEDIUM |
| Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP). | |||||
| CVE-2019-7593 | 1 Johnsoncontrols | 1 Metasys System | 2024-11-21 | 6.4 MEDIUM | 6.8 MEDIUM |
| Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP). | |||||
| CVE-2019-7279 | 1 Optergy | 2 Enterprise, Proton | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| Optergy Proton/Enterprise devices have Hard-coded Credentials. | |||||
| CVE-2019-7265 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). | |||||
| CVE-2019-7261 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Linear eMerge E3-Series devices have Hard-coded Credentials. | |||||
| CVE-2019-7225 | 1 Abb | 32 Cp620, Cp620-web, Cp620-web Firmware and 29 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components. | |||||
| CVE-2019-7212 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists. | |||||
| CVE-2019-7161 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data. | |||||
| CVE-2019-6859 | 1 Schneider-electric | 20 140 Cpu6x, 140 Cpu6x Firmware, 140 Noc 77101 and 17 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network. | |||||
| CVE-2019-6812 | 1 Schneider-electric | 2 Bmx-nor-0200h, Bmx-nor-0200h Firmware | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
| A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol. | |||||