Total
1328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5816 | 1 Westermo | 8 Mrd-305-din, Mrd-305-din Firmware, Mrd-315-din and 5 more | 2024-11-21 | N/A |
| A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. | ||||
| CVE-2016-5678 | 1 Nuuo | 2 Nvrmini 2, Nvrsolo | 2024-11-21 | N/A |
| NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | ||||
| CVE-2016-5333 | 1 Vmware | 1 Photon Os | 2024-11-21 | N/A |
| VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | ||||
| CVE-2016-5081 | 1 Zmodo | 2 Zp-ibh-13w, Zp-ne-14-s | 2024-11-21 | N/A |
| ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session. | ||||
| CVE-2016-4457 | 1 Redhat | 2 Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
| CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | ||||
| CVE-2016-3953 | 1 Web2py | 1 Web2py | 2024-11-21 | N/A |
| The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function. | ||||
| CVE-2016-3685 | 3 Apple, Microsoft, Sap | 3 Macos, Windows, Download Manager | 2024-11-21 | N/A |
| SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338. | ||||
| CVE-2016-2948 | 1 Ibm | 1 Bigfix Remote Control | 2024-11-21 | N/A |
| IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | ||||
| CVE-2016-2360 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | ||||
| CVE-2016-2358 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. | ||||
| CVE-2016-2357 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | ||||
| CVE-2016-2310 | 1 Ge | 8 Multilink Firmware, Multilink Ml1200, Multilink Ml1600 and 5 more | 2024-11-21 | 9.8 Critical |
| General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. | ||||
| CVE-2016-1560 | 1 Exagrid | 16 Ex10000e, Ex10000e Firmware, Ex13000e and 13 more | 2024-11-21 | N/A |
| ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. | ||||
| CVE-2016-10928 | 1 Onelogin | 1 Onelogin Saml Sso | 2024-11-21 | N/A |
| The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users. | ||||
| CVE-2016-10308 | 1 Siklu | 7 Etherhaul-5500fd, Etherhaul 500tx, Etherhaul 60ghz V-band Radio and 4 more | 2024-11-21 | N/A |
| Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. | ||||
| CVE-2016-10307 | 1 Gotrango | 10 Apex Lynx, Apex Lynx Firmware, Apex Orion and 7 more | 2024-11-21 | 9.8 Critical |
| Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | ||||
| CVE-2016-10306 | 1 Trango | 4 A600-19-us, A600-25-us, A600-ext-us and 1 more | 2024-11-21 | N/A |
| Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | ||||
| CVE-2016-10305 | 1 Gotrango | 22 Apex, Apex Firmware, Apex Lynx and 19 more | 2024-11-21 | 9.8 Critical |
| Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | ||||
| CVE-2016-10179 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. | ||||
| CVE-2016-10177 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. | ||||