Total
1276 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11743 | 1 Medhost | 1 Connex | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensitive patient information. The admin account password is hard-coded as $K8t1ng throughout the application, and is the same across all installations. Customers do not have the option to change the Mirth Connect admin account password. The Mirth Connect admin account is created during the Connex install. The plaintext account password is hard-coded multiple times in the Connex install and update scripts. | |||||
CVE-2017-11694 | 1 Medhost | 1 Medhost Document Management System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financial information. The Apache Solr account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for Apache Solr has access to all indexed patient documents. | |||||
CVE-2017-11693 | 1 Medhost | 1 Medhost Document Management System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. PostgreSQL is used as the Document Management System database. The account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for PostgreSQL has access to the database schema for Document Management System. | |||||
CVE-2017-11634 | 1 - | 1 Wireless Ip Camera 360 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456. | |||||
CVE-2017-11632 | 1 - | 1 Wireless Ip Camera 360 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session. | |||||
CVE-2017-11614 | 1 Medhost | 1 Connex | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilizes an IBM i DB2 user account for database access. The account name is HMSCXPDN. Its password is hard-coded in multiple places in the application. Customers do not have the option to change this password. The account has elevated DB2 roles, and can access all objects or database tables on the customer DB2 database. This account can access data through ODBC, FTP, and TELNET. Customers without Connex installed are still vulnerable because the MEDHOST setup program creates this account. | |||||
CVE-2017-11436 | 1 Dlink | 1 Dir-615 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. | |||||
CVE-2017-11380 | 1 Trendmicro | 1 Deep Discovery Director | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | |||||
CVE-2017-11351 | 1 Axesstel | 2 Mu553s, Mu553s Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account. | |||||
CVE-2017-11129 | 1 Stashcat | 1 Heinekingmedia | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user. | |||||
CVE-2017-11026 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys. | |||||
CVE-2017-10818 | 1 Intercom | 1 Malion | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service. | |||||
CVE-2017-10616 | 1 Juniper | 1 Contrail | 2024-11-21 | 6.4 MEDIUM | 5.3 MEDIUM |
The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). | |||||
CVE-2016-9495 | 1 Hughes | 8 Dw7000, Dw7000 Firmware, Hn7000s and 5 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices. | |||||
CVE-2016-9358 | 1 Marel | 44 A320, A320 Firmware, A325 and 41 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords. | |||||
CVE-2016-9335 | 1 Redlion | 4 Sixnet-managed Industrial Switches, Sixnet-managed Industrial Switches Firmware, Stride-managed Ethernet Switches and 1 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174. | |||||
CVE-2016-9013 | 3 Canonical, Djangoproject, Fedoraproject | 3 Ubuntu Linux, Django, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. | |||||
CVE-2016-8954 | 1 Ibm | 1 Dashdb Local | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. | |||||
CVE-2016-8754 | 1 Huawei | 2 Oceanstor 5600 V3, Oceanstor 5600 V3 Firmware | 2024-11-21 | 5.4 MEDIUM | 7.5 HIGH |
Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH. | |||||
CVE-2016-8731 | 1 Foscam | 2 C1 Webcam, C1 Webcam Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. |