Total
1270 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-12724 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections. | |||||
CVE-2017-14002 | 1 Ge | 2 Infinia Hawkeye 4, Infinia Hawkeye 4 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||
CVE-2017-14014 | 1 Bostonscientific | 2 Zoom Latitude Prm 3120, Zoom Latitude Prm 3120 Firmware | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. | |||||
CVE-2018-6210 | 1 Dlink | 2 Dir-620, Dir-620 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. | |||||
CVE-2017-17539 | 1 Fortinet | 1 Fortiwlc | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell. | |||||
CVE-2018-10328 | 1 Momentum | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-02-28 | 3.3 LOW | 7.4 HIGH |
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream. | |||||
CVE-2017-8011 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system. | |||||
CVE-2017-11614 | 1 Medhost | 1 Connex | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilizes an IBM i DB2 user account for database access. The account name is HMSCXPDN. Its password is hard-coded in multiple places in the application. Customers do not have the option to change this password. The account has elevated DB2 roles, and can access all objects or database tables on the customer DB2 database. This account can access data through ODBC, FTP, and TELNET. Customers without Connex installed are still vulnerable because the MEDHOST setup program creates this account. | |||||
CVE-2016-8731 | 1 Foscam | 2 C1 Webcam, C1 Webcam Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. | |||||
CVE-2017-14021 | 1 Korenix | 18 Jetnet5018g Firmware, Jetnet5310g Firmware, Jetnet5428g-2g-2fx Firmware and 15 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks. | |||||
CVE-2017-9649 | 1 Mirion Technologies | 14 Dmc 3000, Dmc 3000 Firmware, Drm-1\/2 and 11 more | 2024-02-28 | 5.4 MEDIUM | 5.0 MEDIUM |
A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware. | |||||
CVE-2017-6131 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 6 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. | |||||
CVE-2017-8772 | 1 Twsz | 2 Wifi Repeater, Wifi Repeater Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires (malicious or not). | |||||
CVE-2017-2283 | 1 Iodata | 2 Wn-g300r3, Wn-g300r3 Firmware | 2024-02-28 | 5.8 MEDIUM | 8.0 HIGH |
WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | |||||
CVE-2017-12239 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132. | |||||
CVE-2016-0726 | 1 Nagios | 1 Nagios | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | |||||
CVE-2017-3186 | 1 Acti | 1 Camera Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. | |||||
CVE-2017-14116 | 2 Att, Commscope | 2 U-verse Firmware, Arris Nvg599 | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support. | |||||
CVE-2017-9932 | 1 Greenpacket | 2 Dx-350, Dx-350 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. | |||||
CVE-2018-5725 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server. |