Total
1268 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15975 | 1 Cisco | 1 Data Center Network Manager | 2024-09-17 | 9.8 Critical |
| Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2018-8856 | 1 Philips | 1 E-alert Firmware | 2024-09-17 | N/A |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data. | ||||
| CVE-2022-20773 | 1 Cisco | 1 Umbrella | 2024-09-17 | 7.5 High |
| A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA. | ||||
| CVE-2019-13658 | 1 Broadcom | 1 Network Flow Analysis | 2024-09-17 | 9.8 Critical |
| CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | ||||
| CVE-2018-14801 | 1 Philips | 10 Pagewriter Tc10, Pagewriter Tc10 Firmware, Pagewriter Tc20 and 7 more | 2024-09-17 | N/A |
| In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. | ||||
| CVE-2021-34812 | 1 Synology | 1 Calendar | 2024-09-17 | 5.8 Medium |
| Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2017-15909 | 1 Dlink | 2 Dgs-1500, Dgs-1500 Firmware | 2024-09-17 | N/A |
| D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. | ||||
| CVE-2018-1887 | 1 Ibm | 1 Security Access Manager | 2024-09-17 | N/A |
| IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078. | ||||
| CVE-2020-3928 | 1 Usavisionsys | 10 Geovision Gv-as1010, Geovision Gv-as1010 Firmware, Geovision Gv-as210 and 7 more | 2024-09-17 | 6.2 Medium |
| GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices. | ||||
| CVE-2021-35961 | 1 Secom | 1 Dr.id Access Control | 2024-09-17 | 9.8 Critical |
| Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission. | ||||
| CVE-2022-2107 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2024-09-17 | 9.8 Critical |
| The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number. | ||||
| CVE-2019-15977 | 1 Cisco | 1 Data Center Network Manager | 2024-09-17 | 7.5 High |
| Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-0279 | 1 Juniper | 1 Contrail Cloud | 2024-09-17 | 8.6 High |
| Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0. | ||||
| CVE-2018-4846 | 1 Siemens | 6 Rapidlab 1200, Rapidlab 1200 Firmware, Rapidpoint 400 and 3 more | 2024-09-17 | N/A |
| A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue. | ||||
| CVE-2018-10633 | 1 Universal-robots | 2 Cb3.1, Cb3.1 Firmware | 2024-09-17 | N/A |
| Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller. | ||||
| CVE-2022-30627 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-09-17 | 5.7 Medium |
| This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their operating systems and passwords. | ||||
| CVE-2017-9956 | 1 Schneider-electric | 1 U.motion Builder | 2024-09-17 | N/A |
| An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass | ||||
| CVE-2022-38069 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2024-09-17 | 4.3 Medium |
| Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters | ||||
| CVE-2022-26671 | 1 Secom | 2 Dr.id Access Control, Dr.id Attendance System | 2024-09-17 | 7.3 High |
| Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service. | ||||
| CVE-2022-26138 | 1 Atlassian | 3 Confluence Data Center, Confluence Server, Questions For Confluence | 2024-09-17 | 9.8 Critical |
| The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app. | ||||