Total
1269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6530 | 1 Dentsply Sirona | 1 Cdr Dicom | 2024-08-06 | N/A |
| Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords. | ||||
| CVE-2016-5816 | 1 Westermo | 8 Mrd-305-din, Mrd-305-din Firmware, Mrd-315-din and 5 more | 2024-08-06 | N/A |
| A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. | ||||
| CVE-2016-5818 | 1 Schneider-electric | 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware | 2024-08-06 | N/A |
| An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. | ||||
| CVE-2016-5678 | 1 Nuuo | 2 Nvrmini 2, Nvrsolo | 2024-08-06 | N/A |
| NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | ||||
| CVE-2016-5333 | 1 Vmware | 1 Photon Os | 2024-08-06 | N/A |
| VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | ||||
| CVE-2016-5081 | 1 Zmodo | 2 Zp-ibh-13w, Zp-ne-14-s | 2024-08-06 | N/A |
| ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session. | ||||
| CVE-2016-4457 | 1 Redhat | 2 Cloudforms Management Engine, Cloudforms Managementengine | 2024-08-06 | N/A |
| CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | ||||
| CVE-2016-3953 | 1 Web2py | 1 Web2py | 2024-08-06 | N/A |
| The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function. | ||||
| CVE-2016-3685 | 3 Apple, Microsoft, Sap | 3 Macos, Windows, Download Manager | 2024-08-06 | N/A |
| SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338. | ||||
| CVE-2016-2948 | 1 Ibm | 1 Bigfix Remote Control | 2024-08-05 | N/A |
| IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | ||||
| CVE-2016-2357 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-08-05 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | ||||
| CVE-2016-2360 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-08-05 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | ||||
| CVE-2016-2358 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-08-05 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. | ||||
| CVE-2016-2310 | 1 Ge | 8 Multilink Firmware, Multilink Ml1200, Multilink Ml1600 and 5 more | 2024-08-05 | 9.8 Critical |
| General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. | ||||
| CVE-2016-1560 | 1 Exagrid | 16 Ex10000e, Ex10000e Firmware, Ex13000e and 13 more | 2024-08-05 | N/A |
| ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. | ||||
| CVE-2016-0726 | 1 Nagios | 1 Nagios | 2024-08-05 | N/A |
| The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | ||||
| CVE-2016-0235 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-08-05 | N/A |
| IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326. | ||||
| CVE-2017-20039 | 1 Sicunet | 1 Access Control | 2024-08-05 | 9.8 Critical |
| A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. | ||||
| CVE-2017-18373 | 1 Billion | 2 5200w-t, 5200w-t Firmware | 2024-08-05 | N/A |
| The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes. | ||||
| CVE-2017-18371 | 2 Billion, Zyxel | 6 5200w-t, 5200w-t Firmware, P660hn-t1a V1 and 3 more | 2024-08-05 | N/A |
| The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes. | ||||