Total
1273 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13658 | 1 Broadcom | 1 Network Flow Analysis | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | |||||
| CVE-2019-10995 | 1 Abb | 16 Cp651, Cp651-web, Cp651-web Firmware and 13 more | 2024-02-28 | 5.8 MEDIUM | 8.8 HIGH |
| ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. | |||||
| CVE-2020-3158 | 1 Cisco | 1 Smart Software Manager On-prem | 2024-02-28 | 8.8 HIGH | 9.1 CRITICAL |
| A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device. | |||||
| CVE-2019-5137 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. | |||||
| CVE-2020-8001 | 1 Intelliantech | 1 Aptus | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account. | |||||
| CVE-2019-9493 | 1 Mycarcontrols | 1 Mycar Controls | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia. | |||||
| CVE-2019-15801 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0. | |||||
| CVE-2019-10990 | 1 Redlion | 1 Crimson | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. | |||||
| CVE-2020-4283 | 1 Ibm | 1 Security Information Queue | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 176206. | |||||
| CVE-2013-2572 | 1 Tp-link | 8 Tl-sc 3130, Tl-sc 3130 Firmware, Tl-sc 3130g and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files. | |||||
| CVE-2019-5106 | 1 Wago | 1 E\!cockpit | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. | |||||
| CVE-2019-19017 | 1 Titanhq | 1 Webtitan | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system. | |||||
| CVE-2019-4309 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. | |||||
| CVE-2018-18929 | 1 Trms | 2 Seneca Hdn, Seneca Hdn Firmware | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
| The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username and password can leverage it to gain administrator-level access on the system. | |||||
| CVE-2019-15975 | 1 Cisco | 1 Data Center Network Manager | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2019-15976 | 1 Cisco | 1 Data Center Network Manager | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2016-2360 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | |||||
| CVE-2019-15977 | 1 Cisco | 1 Data Center Network Manager | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2019-16734 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | |||||
| CVE-2019-13543 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. | |||||