Vulnerabilities (CVE)

Filtered by CWE-798
Total 1267 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8361 1 Lynxspring 1 Jenesys Bas Bridge 2024-02-28 7.5 HIGH 8.6 HIGH
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication.
CVE-2016-8567 1 Siemens 1 Sicam Pas\/pqs 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP.
CVE-2016-10308 1 Siklu 7 Etherhaul-5500fd, Etherhaul 500tx, Etherhaul 60ghz V-band Radio and 4 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.
CVE-2016-10177 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.
CVE-2016-8491 1 Fortinet 1 Fortiwlc 2024-02-28 9.4 HIGH 9.1 CRITICAL
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
CVE-2017-6403 1 Veritas 2 Netbackup, Netbackup Appliance 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
CVE-2017-5230 1 Rapid7 1 Nexpose 2024-02-28 6.5 MEDIUM 7.2 HIGH
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.
CVE-2017-7648 1 Foscam 12 C1, C1 Lite, C2 and 9 more 2024-02-28 4.3 MEDIUM 8.1 HIGH
Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVE-2015-2887 1 Ibaby 2 M3s Baby Monitor, M3s Baby Monitor Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
iBaby M3S has a password of admin for the backdoor admin account.
CVE-2015-2867 1 Trane 1 Comfortlink Ii Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.
CVE-2016-10307 1 Gotrango 10 Apex Lynx, Apex Lynx Firmware, Apex Orion and 7 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
CVE-2016-10115 1 Netgear 8 Arlo Base Station Firmware, Arlo Q Camera Firmware, Arlo Q Plus Camera Firmware and 5 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration.
CVE-2016-3685 3 Apple, Microsoft, Sap 3 Macos, Windows, Download Manager 2024-02-28 1.9 LOW 4.7 MEDIUM
SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338.
CVE-2015-2885 1 Lens Laboratories 2 Peek-a-view, Peek-a-view Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.
CVE-2017-7462 1 Intellinet-network 2 Nfc-30ir, Nfc-30ir Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.
CVE-2016-2948 1 Ibm 1 Bigfix Remote Control 2024-02-28 4.6 MEDIUM 7.8 HIGH
IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors.
CVE-2016-8954 1 Ibm 1 Dashdb Local 2024-02-28 7.5 HIGH 9.8 CRITICAL
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.
CVE-2017-5167 1 Binom3 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware 2024-02-28 7.5 HIGH 8.6 HIGH
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords.
CVE-2017-9132 1 Mimosa 2 Backhaul Radios, Client Radios 2024-02-28 5.0 MEDIUM 7.5 HIGH
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface.
CVE-2015-2882 1 Philips 1 In.sight B120\\37 2024-02-28 10.0 HIGH 9.8 CRITICAL
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.