Total
965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13474 | 1 Telestar | 22 Bobs Rock Radio, Bobs Rock Radio Firmware, Dabman D10 and 19 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands. | |||||
| CVE-2018-1959 | 1 Ibm | 1 Security Identity Manager | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633. | |||||
| CVE-2019-3983 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2020-08-24 | 7.2 HIGH | 6.8 MEDIUM |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | |||||
| CVE-2019-13466 | 2 Sandisk, Westerndigital | 2 Ssd Dashboard, Ssd Dashboard | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available. | |||||
| CVE-2019-8950 | 1 Dasannetworks | 2 H665, H665 Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET. | |||||
| CVE-2019-9229 | 1 Audiocodes | 8 Median 500-msbr, Median 500-msbr Firmware, Median 500l-msbr and 5 more | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions. | |||||
| CVE-2019-11030 | 1 Mirasys | 1 Mirasys Vms | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available. | |||||
| CVE-2020-13793 | 1 Ivanti | 1 Dsm Netinst | 2020-08-11 | 7.5 HIGH | 9.8 CRITICAL |
| Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. | |||||
| CVE-2019-20025 | 1 Nec | 2 Sv9100, Sv9100 Firmware | 2020-08-06 | 10.0 HIGH | 9.8 CRITICAL |
| Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0. | |||||
| CVE-2020-4459 | 1 Ibm | 1 Security Secret Server | 2020-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395. | |||||
| CVE-2020-3382 | 1 Cisco | 1 Data Center Network Manager | 2020-08-05 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges. | |||||
| CVE-2020-1614 | 1 Juniper | 2 Junos, Nfx250 | 2020-07-29 | 9.3 HIGH | 10.0 CRITICAL |
| A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been configured. This issue affects the Juniper Networks NFX250 Network Services Platform vSRX VNF instance on versions prior to 19.2R1. | |||||
| CVE-2020-11543 | 1 Opsramp | 1 Gateway | 2020-07-27 | 10.0 HIGH | 9.8 CRITICAL |
| OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0 where an administrator and a system user accounts are the only available user accounts for the gateway appliance. | |||||
| CVE-2020-4385 | 1 Ibm | 1 Verify Gateway | 2020-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266. | |||||
| CVE-2020-3330 | 1 Cisco | 2 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware | 2020-07-22 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device. | |||||
| CVE-2020-5374 | 1 Dell | 2 Emc Omimssc For Sccm, Emc Omimssc For Scvmm | 2020-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices. | |||||
| CVE-2020-8573 | 1 Netapp | 2 Hci H610s, Hci H610s Firmware | 2020-07-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value which could allow remote attackers to cause a Denial of Service (DoS). | |||||
| CVE-2020-11951 | 1 Rittal | 9 Cmc Iii Pu 7030.000, Cmc Iii Pu 7030.000 Firmware, Cmciii-pu-9333e0fb and 6 more | 2020-07-17 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a Backdoor root account. | |||||
| CVE-2020-10988 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2020-07-15 | 10.0 HIGH | 9.8 CRITICAL |
| A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. | |||||
| CVE-2018-12240 | 1 Symantec | 1 Norton Password Manager | 2020-07-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials. | |||||