Total
965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24005 | 1 Fortinet | 1 Fortiauthenticator | 2021-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key. | |||||
| CVE-2021-31505 | 1 Arlo | 2 Q Plus, Q Plus Firmware | 2021-07-07 | 7.2 HIGH | 6.8 MEDIUM |
| This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where hard-coded credentials are accepted for SSH authentication. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-12890. | |||||
| CVE-2021-33540 | 1 Phoenixcontact | 36 Axl F Bk Eip, Axl F Bk Eip Ef, Axl F Bk Eip Ef Firmware and 33 more | 2021-07-01 | 7.5 HIGH | 7.3 HIGH |
| In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists. | |||||
| CVE-2021-31477 | 1 Ge | 2 Reason Rpv311 Firmware, Rpv311 | 2021-06-24 | 7.5 HIGH | 7.3 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852. | |||||
| CVE-2020-25752 | 1 Enphase | 2 Envoy, Envoy Firmware | 2021-06-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. The serial number can be retrieved by an unauthenticated user at /info.xml. These passwords can be easily calculated by an attacker; users are unable to change these passwords. | |||||
| CVE-2021-34812 | 1 Synology | 1 Calendar | 2021-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2021-27481 | 1 Zoll | 1 Defibrillator Dashboard | 2021-06-22 | 2.1 LOW | 5.5 MEDIUM |
| ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information. | |||||
| CVE-2017-6558 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2021-06-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. | |||||
| CVE-2020-15382 | 1 Broadcom | 1 Brocade Sannav | 2021-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. | |||||
| CVE-2020-21995 | 1 Inim | 12 Smartliving 10100l, Smartliving 10100l Firmware, Smartliving 10100lg3 and 9 more | 2021-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system. | |||||
| CVE-2020-1716 | 1 Ceph | 1 Ceph-ansible | 2021-06-10 | 9.0 HIGH | 8.8 HIGH |
| A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph dashboard to initiate read, write, and delete Ceph clusters and also modify Ceph cluster configurations. Versions before ceph-ansible 6.0.0alpha1 are affected. | |||||
| CVE-2021-32459 | 1 Trendmicro | 1 Home Network Security | 2021-06-07 | 5.5 MEDIUM | 6.5 MEDIUM |
| Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability. | |||||
| CVE-2021-20025 | 1 Sonicwall | 1 Email Security Virtual Appliance | 2021-06-04 | 6.9 MEDIUM | 7.8 HIGH |
| SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall. | |||||
| CVE-2021-28111 | 1 Draeger | 4 X-dock 5300, X-dock 6300, X-dock 6600 and 1 more | 2021-05-25 | 6.5 MEDIUM | 8.8 HIGH |
| Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker. | |||||
| CVE-2021-32454 | 1 Sitel-sa | 2 Remote Cap\/prx, Remote Cap\/prx Firmware | 2021-05-25 | 5.8 MEDIUM | 8.8 HIGH |
| SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access. | |||||
| CVE-2021-20426 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196313. | |||||
| CVE-2021-29691 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2021-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252. | |||||
| CVE-2021-27437 | 1 Advantech | 1 Wise-paas\/rmm | 2021-05-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1). | |||||
| CVE-2017-10818 | 1 Intercom | 1 Malion | 2021-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service. | |||||
| CVE-2021-28152 | 1 Hongdian | 2 H8922, H8922 Firmware | 2021-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn. | |||||