Total
807 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20398 | 1 Skyworthdigital | 10 Cm5100, Cm5100-440, Cm5100-440 Firmware and 7 more | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20397 | 1 Mplustec | 2 Cbc383z, Cbc383z Firmware | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20396 | 1 Net-wave | 4 Ming2120j, Ming2120j Firmware, Ming6300 and 1 more | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20395 | 1 Net-wave | 2 Ming6200, Ming6200 Firmware | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20394 | 1 Technicolor | 8 Dwg849, Dwg849 Firmware, Dwg850-4 and 5 more | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20392 | 1 Cisco | 2 Dpc2100, Dpc2100 Firmware | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20391 | 1 Teknotel | 2 Cbw700n, Cbw700n Firmware | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20390 | 1 Kaonmedia | 6 Cg2001-an22a, Cg2001-an22a Firmware, Cg2001-udbna and 3 more | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20388 | 1 Comtrend | 4 Cm-6200un, Cm-6200un Firmware, Cm-6300n and 1 more | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20387 | 1 Bnmux | 6 Bcw700j, Bcw700j Firmware, Bcw710j and 3 more | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20385 | 1 Castlenet | 8 Cbv38z4ec, Cbv38z4ec Firmware, Cbv38z4ecnit and 5 more | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-19795 | 1 Chipsbank | 1 Umptool | 2019-10-02 | 7.2 HIGH | 6.8 MEDIUM |
| ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device. | |||||
| CVE-2018-19078 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. | |||||
| CVE-2018-18754 | 1 Zyxel | 2 Vmg3312-b10b, Vmg3312-b10b Firmware | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. | |||||
| CVE-2018-17969 | 1 Samsung | 2 Scx-6545x, Scx-6545x Firmware | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests. | |||||
| CVE-2018-17613 | 1 Telegram | 1 Telegram Desktop | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. | |||||
| CVE-2018-16987 | 1 Squashtest | 1 Squash Tm | 2019-10-02 | 4.0 MEDIUM | 7.2 HIGH |
| Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. | |||||
| CVE-2018-16984 | 1 Djangoproject | 1 Django | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes. | |||||
| CVE-2018-16791 | 1 Solarwinds | 1 Sftp\/scp Server | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server. | |||||
| CVE-2018-16669 | 1 Circontrol | 1 Open Charge Point Protocol | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels. | |||||