Vulnerabilities (CVE)

Filtered by CWE-522
Total 807 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20398 1 Skyworthdigital 10 Cm5100, Cm5100-440, Cm5100-440 Firmware and 7 more 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20397 1 Mplustec 2 Cbc383z, Cbc383z Firmware 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20396 1 Net-wave 4 Ming2120j, Ming2120j Firmware, Ming6300 and 1 more 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20395 1 Net-wave 2 Ming6200, Ming6200 Firmware 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20394 1 Technicolor 8 Dwg849, Dwg849 Firmware, Dwg850-4 and 5 more 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20392 1 Cisco 2 Dpc2100, Dpc2100 Firmware 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20391 1 Teknotel 2 Cbw700n, Cbw700n Firmware 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20390 1 Kaonmedia 6 Cg2001-an22a, Cg2001-an22a Firmware, Cg2001-udbna and 3 more 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20388 1 Comtrend 4 Cm-6200un, Cm-6200un Firmware, Cm-6300n and 1 more 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20387 1 Bnmux 6 Bcw700j, Bcw700j Firmware, Bcw710j and 3 more 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20385 1 Castlenet 8 Cbv38z4ec, Cbv38z4ec Firmware, Cbv38z4ecnit and 5 more 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-19795 1 Chipsbank 1 Umptool 2019-10-02 7.2 HIGH 6.8 MEDIUM
ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device.
CVE-2018-19078 2 Foscam, Opticam 6 C2, C2 Application Firmware, C2 System Firmware and 3 more 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password.
CVE-2018-18754 1 Zyxel 2 Vmg3312-b10b, Vmg3312-b10b Firmware 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.
CVE-2018-17969 1 Samsung 2 Scx-6545x, Scx-6545x Firmware 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allow remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests.
CVE-2018-17613 1 Telegram 1 Telegram Desktop 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
CVE-2018-16987 1 Squashtest 1 Squash Tm 2019-10-02 4.0 MEDIUM 7.2 HIGH
Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code.
CVE-2018-16984 1 Djangoproject 1 Django 2019-10-02 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.
CVE-2018-16791 1 Solarwinds 1 Sftp/scp Server 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.
CVE-2018-16669 1 Circontrol 1 Open Charge Point Protocol 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.