Total
1274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10928 | 1 Onelogin | 1 Onelogin Saml Sso | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users. | |||||
| CVE-2016-10308 | 1 Siklu | 7 Etherhaul-5500fd, Etherhaul 500tx, Etherhaul 60ghz V-band Radio and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. | |||||
| CVE-2016-10307 | 1 Gotrango | 10 Apex Lynx, Apex Lynx Firmware, Apex Orion and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |||||
| CVE-2016-10306 | 1 Trango | 4 A600-19-us, A600-25-us, A600-ext-us and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |||||
| CVE-2016-10305 | 1 Gotrango | 22 Apex, Apex Firmware, Apex Lynx and 19 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |||||
| CVE-2016-10179 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. | |||||
| CVE-2016-10177 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. | |||||
| CVE-2016-10125 | 1 Dlink | 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | |||||
| CVE-2016-10115 | 1 Netgear | 8 Arlo Base Station Firmware, Arlo Q Camera Firmware, Arlo Q Plus Camera Firmware and 5 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration. | |||||
| CVE-2016-0726 | 1 Nagios | 1 Nagios | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | |||||
| CVE-2016-0235 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326. | |||||
| CVE-2015-9254 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Datto ALTO and SIRIS devices have a default VNC password. | |||||
| CVE-2015-7276 | 1 Technicolor | 4 C2000t, C2000t Firmware, C2100t and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Technicolor C2000T and C2100T uses hard-coded cryptographic keys. | |||||
| CVE-2015-7246 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | |||||
| CVE-2015-4667 | 1 Xceedium | 1 Xsuite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple hardcoded credentials in Xsuite 2.x. | |||||
| CVE-2015-3953 | 1 Pifzer | 6 Plum A\+3 Infusion System, Plum A\+3 Infusion System Firmware, Plum A\+ Infusion System and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | |||||
| CVE-2015-2887 | 1 Ibaby | 2 M3s Baby Monitor, M3s Baby Monitor Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| iBaby M3S has a password of admin for the backdoor admin account. | |||||
| CVE-2015-2885 | 1 Lens Laboratories | 2 Peek-a-view, Peek-a-view Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. | |||||
| CVE-2015-2882 | 1 Philips | 1 In.sight B120\\37 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. | |||||
| CVE-2015-2881 | 1 Gynoii | 3 Gcw-1010, Gcw-1020, Gpw-1025 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. | |||||