Total: 965 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10479 | 1 Glory-global | 2 Rbw-100, Rbw-100 Firmware | 2019-04-09 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface. | |||||
CVE-2019-10011 | 1 Jenzabar | 1 Internet Campus Solution | 2019-04-08 | 7.5 HIGH | 9.8 CRITICAL |
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. | |||||
CVE-2018-20219 | 1 Teracue | 6 Enc-400 Hdmi, Enc-400 Hdmi2, Enc-400 Hdmi2 Firmware and 3 more | 2019-03-25 | 9.3 HIGH | 8.1 HIGH |
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the device's web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged. | |||||
CVE-2018-9149 | 1 Zyxel | 2 Ac3000, Ac3000 Firmware | 2019-03-14 | 7.2 HIGH | 6.8 MEDIUM |
The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to log in to the system. Furthermore, an attacker can start the device's TELNET service as a backdoor. | |||||
CVE-2018-7800 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2019-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. | |||||
CVE-2009-5154 | 1 Mobotix | 2 S14, S14 Firmware | 2019-02-13 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. | |||||
CVE-2019-6499 | 1 Teradata | 1 Viewpoint | 2019-02-07 | 9.3 HIGH | 8.1 HIGH |
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system. | |||||
CVE-2018-16186 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2019-02-04 | 8.3 HIGH | 8.8 HIGH |
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) use hard-coded credentials, which may allow an attacker on the same network segments to log in to the administrators settings screen and change the configuration. | |||||
CVE-2018-10532 | 1 Ee | 2 4gee, 4gee Firmware | 2019-01-30 | 8.3 HIGH | 8.8 HIGH |
An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the "core_app" binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could log in to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the "AP Isolation" mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients. | |||||
CVE-2018-11062 | 1 Dell | 1 Emc Integrated Data Protection Appliance | 2019-01-30 | 9.0 HIGH | 8.8 HIGH |
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files. | |||||
CVE-2018-12668 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2019-01-25 | 10.0 HIGH | 9.8 CRITICAL |
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password. | |||||
CVE-2018-16201 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2019-01-24 | 8.3 HIGH | 8.8 HIGH |
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier and Toshiba Home gateway HEM-GW26A 1.2.9 and earlier use hard-coded credentials, which may allow an attacker on the same network segment to log in to the administrators settings screen and change the configuration or execute arbitrary OS commands. | |||||
CVE-2018-1000625 | 1 Battelle | 1 V2i Hub | 2019-01-11 | 10.0 HIGH | 9.8 CRITICAL |
Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system. | |||||
CVE-2018-13342 | 1 Linhandante | 1 Anda | 2019-01-09 | 7.5 HIGH | 9.8 CRITICAL |
The server API in the Anda app relies on hardcoded credentials. | |||||
CVE-2018-19233 | 1 Comparex | 1 Miss Marple | 2019-01-08 | 2.1 LOW | 7.8 HIGH |
COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file. | |||||
CVE-2018-18006 | 1 Ricoh | 1 Myprint | 2019-01-03 | 7.5 HIGH | 9.8 CRITICAL |
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files. | |||||
CVE-2018-0468 | 1 Cisco | 1 Energy Management Suite | 2019-01-02 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default access credentials. An attacker could exploit this vulnerability by logging in to the machine where CEMS is installed and establishing a local connection to the database. The fix for this vulnerability randomizes the database access password in new installations; however, the fix will not change the password for existing installations. Users are required to manually change the password, as documented in the Workarounds section of this advisory. There are workarounds that address this vulnerability. | |||||
CVE-2018-9073 | 1 Lenovo | 2 Chassis Management Module, Chassis Management Module Firmware | 2018-12-20 | 4.3 MEDIUM | 5.9 MEDIUM |
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets. | |||||
CVE-2018-0680 | 1 Neo | 2 Debun Imap, Debun Pop | 2018-12-17 | 7.5 HIGH | 9.8 CRITICAL |
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration. | |||||
CVE-2018-0681 | 1 Neo | 2 Debun Imap, Debun Pop | 2018-12-17 | 7.5 HIGH | 9.8 CRITICAL |
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to log in to the Management page and change the configuration. |