Total
1276 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17540 | 1 Fortinet | 1 Fortiwlc | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. | |||||
| CVE-2017-17539 | 1 Fortinet | 1 Fortiwlc | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell. | |||||
| CVE-2017-17107 | 1 Zivif | 2 Pr115-204-p-rs, Pr115-204-p-rs Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session. | |||||
| CVE-2017-15909 | 1 Dlink | 2 Dgs-1500, Dgs-1500 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. | |||||
| CVE-2017-15582 | 1 Writediary | 1 Diary With Lock | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries. | |||||
| CVE-2017-14728 | 1 Orpak | 1 Siteomat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public. | |||||
| CVE-2017-14428 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions. | |||||
| CVE-2017-14426 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions. | |||||
| CVE-2017-14422 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | |||||
| CVE-2017-14421 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. | |||||
| CVE-2017-14376 | 1 Emc | 1 Appsync | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-14374 | 1 Dell | 1 Storage Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance). | |||||
| CVE-2017-14143 | 1 Kaltura | 1 Kaltura Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie. | |||||
| CVE-2017-14116 | 2 Att, Commscope | 2 U-verse Firmware, Arris Nvg599 | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support. | |||||
| CVE-2017-14115 | 2 Att, Commscope | 3 U-verse Firmware, Arris Nvg589, Arris Nvg599 | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. | |||||
| CVE-2017-14027 | 1 Korenix | 18 Jetnet5018g Firmware, Jetnet5310g Firmware, Jetnet5428g-2g-2fx Firmware and 15 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access. | |||||
| CVE-2017-14021 | 1 Korenix | 18 Jetnet5018g Firmware, Jetnet5310g Firmware, Jetnet5428g-2g-2fx Firmware and 15 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks. | |||||
| CVE-2017-14014 | 1 Bostonscientific | 2 Zoom Latitude Prm 3120, Zoom Latitude Prm 3120 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. | |||||
| CVE-2017-14008 | 1 Ge | 1 Centricity Pacs Ra1000 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||
| CVE-2017-14006 | 1 Ge | 1 Xeleris | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||