Total: 965 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-5686 | 1 Zpanelcp | 1 Zpanel | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
ZPanel 10.0.1 has insufficient entropy for its password reset process. | |||||
CVE-2020-5222 | 1 Apereo | 1 Opencast | 2020-02-05 | 6.5 MEDIUM | 8.8 HIGH |
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1. | |||||
CVE-2013-2567 | 1 Zavio | 4 F3105, F3105 Firmware, F312a and 1 more | 2020-02-01 | 5.0 MEDIUM | 7.5 HIGH |
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information. | |||||
CVE-2020-8000 | 1 Intelliantech | 1 Aptus Web | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account. | |||||
CVE-2013-2572 | 1 Tp-link | 8 Tl-sc 3130, Tl-sc 3130 Firmware, Tl-sc 3130g and 5 more | 2020-01-31 | 5.0 MEDIUM | 7.5 HIGH |
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files. | |||||
CVE-2020-8001 | 1 Intelliantech | 1 Aptus | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account. | |||||
CVE-2020-7999 | 1 Intelliantech | 1 Aptus | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY. | |||||
CVE-2019-16153 | 1 Fortinet | 1 Fortisiem | 2020-01-27 | 7.5 HIGH | 9.8 CRITICAL |
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. | |||||
CVE-2019-9493 | 1 Mycarcontrols | 1 Mycar Controls | 2020-01-24 | 10.0 HIGH | 9.8 CRITICAL |
The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia. | |||||
CVE-2019-10995 | 1 Abb | 16 Cp651, Cp651-web, Cp651-web Firmware and 13 more | 2020-01-24 | 5.8 MEDIUM | 8.8 HIGH |
ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. | |||||
CVE-2019-14919 | 1 Billion | 2 Sg600 R2, Sg600 R2 Firmware | 2020-01-21 | 7.2 HIGH | 7.8 HIGH |
An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device. | |||||
CVE-2019-14837 | 1 Redhat | 2 Keycloak, Single Sign-on | 2020-01-15 | 6.4 MEDIUM | 9.1 CRITICAL |
A flaw was found in Keycloak before version 8.0.0. The owner of the 'placeholder.org' domain can set up a mail server on this domain and, knowing only the name of a client, can reset the password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'. | |||||
CVE-2013-3619 | 2 Citrix, Supermicro | 10 Netscaler, Netscaler Firmware, Netscaler Sd-wan and 7 more | 2020-01-15 | 4.3 MEDIUM | 8.1 HIGH |
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain hardcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon. | |||||
CVE-2013-3542 | 1 Grandstream | 26 Gxv3500, Gxv3500 Firmware, Gxv3501 and 23 more | 2019-12-19 | 10.0 HIGH | 10.0 CRITICAL |
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. | |||||
CVE-2019-16734 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2019-12-18 | 10.0 HIGH | 9.8 CRITICAL |
Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | |||||
CVE-2019-19492 | 1 Freeswitch | 1 Freeswitch | 2019-12-16 | 7.5 HIGH | 9.8 CRITICAL |
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. | |||||
CVE-2019-19017 | 1 Titanhq | 1 Webtitan | 2019-12-09 | 9.3 HIGH | 8.1 HIGH |
An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system. | |||||
CVE-2019-19021 | 1 Titanhq | 1 Webtitan | 2019-12-09 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account. | |||||
CVE-2018-0150 | 1 Cisco | 3 Integrated Services Router 4431, Integrated Services Router 4451, Ios Xe | 2019-12-02 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880. | |||||
CVE-2019-6693 | 1 Fortinet | 1 Fortios | 2019-11-26 | 4.0 MEDIUM | 6.5 MEDIUM |
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set). |