Total
1280 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6446 | 1 Broadcom | 1 Brocade Network Advisor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. | |||||
| CVE-2018-6401 | 1 Meross | 2 Mss110, Mss110 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password. | |||||
| CVE-2018-6387 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account. | |||||
| CVE-2018-6213 | 2 D-link, Dlink | 2 Dir-620 Firmware, Dir-620 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account. | |||||
| CVE-2018-6210 | 1 Dlink | 2 Dir-620, Dir-620 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. | |||||
| CVE-2018-5797 | 1 Extremenetworks | 1 Extremewireless Wing | 2024-11-21 | 3.3 LOW | 7.5 HIGH |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port. | |||||
| CVE-2018-5768 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. | |||||
| CVE-2018-5725 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server. | |||||
| CVE-2018-5723 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account. | |||||
| CVE-2018-5560 | 1 Guardzilla | 2 Gz521w, Gz521w Firmware | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
| A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device. | |||||
| CVE-2018-5552 | 1 Docutracinc | 1 Dtisqlinstaller | 2024-11-21 | 2.1 LOW | 2.9 LOW |
| Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper". | |||||
| CVE-2018-5551 | 1 Docutracinc | 1 Dtisqlinstaller | 2024-11-21 | 10.0 HIGH | 9.0 CRITICAL |
| Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa. | |||||
| CVE-2018-5399 | 1 Auto-maskin | 4 Dcu-210e, Dcu-210e Firmware, Rp-210e and 1 more | 2024-11-21 | 10.0 HIGH | 9.4 CRITICAL |
| The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password only authentication not cryptographic keys, however the firmware image contains an RSA host-key for the server. An attacker can exploit this vulnerability to gain root access to the Angstrom Linux operating system and modify any binaries or configuration files in the firmware. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7. | |||||
| CVE-2018-4846 | 1 Siemens | 6 Rapidlab 1200, Rapidlab 1200 Firmware, Rapidpoint 400 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue. | |||||
| CVE-2018-4062 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability. | |||||
| CVE-2018-4017 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2024-11-21 | 3.3 LOW | 8.8 HIGH |
| An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability. | |||||
| CVE-2018-21137 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. | |||||
| CVE-2018-20955 | 1 Swann | 2 Swwhd-intcam-hd, Swwhd-intcam-hd Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31. | |||||
| CVE-2018-20432 | 1 Dlink | 4 Covr-2600r, Covr-2600r Firmware, Covr-3902 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. | |||||
| CVE-2018-20219 | 1 Teracue | 6 Enc-400 Hdmi, Enc-400 Hdmi2, Enc-400 Hdmi2 Firmware and 3 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged. | |||||