Vulnerabilities (CVE)

Filtered by CWE-798
Total 1270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12724 1 Smiths-medical 1 Medfusion 4000 Wireless Syringe Infusion Pump 2024-02-28 6.8 MEDIUM 8.1 HIGH
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections.
CVE-2017-14002 1 Ge 2 Infinia Hawkeye 4, Infinia Hawkeye 4 Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.
CVE-2017-14014 1 Bostonscientific 2 Zoom Latitude Prm 3120, Zoom Latitude Prm 3120 Firmware 2024-02-28 2.1 LOW 4.6 MEDIUM
Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
CVE-2018-6210 1 Dlink 2 Dir-620, Dir-620 Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.
CVE-2017-17539 1 Fortinet 1 Fortiwlc 2024-02-28 10.0 HIGH 9.8 CRITICAL
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.
CVE-2018-10328 1 Momentum 2 Momentum Axel 720p, Momentum Axel 720p Firmware 2024-02-28 3.3 LOW 7.4 HIGH
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream.
CVE-2017-8011 1 Dell 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.
CVE-2017-11614 1 Medhost 1 Connex 2024-02-28 7.5 HIGH 9.8 CRITICAL
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilizes an IBM i DB2 user account for database access. The account name is HMSCXPDN. Its password is hard-coded in multiple places in the application. Customers do not have the option to change this password. The account has elevated DB2 roles, and can access all objects or database tables on the customer DB2 database. This account can access data through ODBC, FTP, and TELNET. Customers without Connex installed are still vulnerable because the MEDHOST setup program creates this account.
CVE-2016-8731 1 Foscam 2 C1 Webcam, C1 Webcam Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device.
CVE-2017-14021 1 Korenix 18 Jetnet5018g Firmware, Jetnet5310g Firmware, Jetnet5428g-2g-2fx Firmware and 15 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.
CVE-2017-9649 1 Mirion Technologies 14 Dmc 3000, Dmc 3000 Firmware, Drm-1\/2 and 11 more 2024-02-28 5.4 MEDIUM 5.0 MEDIUM
A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware.
CVE-2017-6131 1 F5 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 6 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.
CVE-2017-8772 1 Twsz 2 Wifi Repeater, Wifi Repeater Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires (malicious or not).
CVE-2017-2283 1 Iodata 2 Wn-g300r3, Wn-g300r3 Firmware 2024-02-28 5.8 MEDIUM 8.0 HIGH
WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.
CVE-2017-12239 1 Cisco 1 Ios Xe 2024-02-28 7.2 HIGH 6.8 MEDIUM
A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132.
CVE-2016-0726 1 Nagios 1 Nagios 2024-02-28 7.5 HIGH 9.8 CRITICAL
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
CVE-2017-3186 1 Acti 1 Camera Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.
CVE-2017-14116 2 Att, Commscope 2 U-verse Firmware, Arris Nvg599 2024-02-28 9.3 HIGH 8.1 HIGH
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support.
CVE-2017-9932 1 Greenpacket 2 Dx-350, Dx-350 Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.
CVE-2018-5725 1 Barni 2 Master Ip Camera01, Master Ip Camera01 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server.