Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9486 | 1 Kubernetes | 1 Image Builder | 2024-11-08 | 9.8 Critical |
| A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider. | ||||
| CVE-2024-6245 | 2024-11-07 | 7.4 High | ||
| Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay: 66T0.05.50. | ||||
| CVE-2024-28093 | 1 Adtran | 1 Netvanta 3120 Firmware | 2024-10-28 | 8.8 High |
| The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. | ||||
| CVE-2023-30603 | 1 Hitrontech | 2 Coda-5310, Coda-5310 Firmware | 2024-10-14 | 9.8 Critical |
| Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service. | ||||
| CVE-2023-3703 | 1 Proscend | 41 A510-f1, A510-f1 Firmware, A510-l1 and 38 more | 2024-09-30 | 10 Critical |
| Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials | ||||
| CVE-2024-7898 | 2 Tosei, Tosei-corporation | 2 Online Store Management System, Online Store Management System | 2024-09-27 | 7.3 High |
| A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-29844 | 1 Cs Technologies | 1 Evolution Controller | 2024-09-25 | 9.8 Critical |
| Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password. | ||||
| CVE-2024-6535 | 1 Redhat | 1 Service Interconnect | 2024-09-18 | 5.3 Medium |
| A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. | ||||
| CVE-2024-39747 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-09-16 | 8.1 High |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. | ||||
| CVE-2023-40704 | 1 Philips | 1 Vue Pacs | 2024-09-05 | 7.1 High |
| Philips Vue PACS uses default credentials for potentially critical functionality. | ||||
| CVE-2024-39584 | 1 Dell | 7 Alienware Area 51m R2 Firmware, Alienware Aurora R15 Amd Firmware, Alienware M15 R3 Firmware and 4 more | 2024-08-28 | 8.2 High |
| Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution. | ||||
| CVE-2023-43844 | 2024-08-22 | 8.0 High | ||
| Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the web interface and gain administrator privileges. | ||||
| CVE-2024-7746 | 1 Traccar | 2 Server, Traccar | 2024-08-22 | 9.8 Critical |
| Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism. These transactions could have an impact on any sensitive aspect of the platform, including Confidentiality, Integrity and Availability. | ||||
| CVE-2020-21514 | 1 Fluentd | 2 Fluentd, Fluentd-ui | 2024-08-04 | 8.8 High |
| An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password. | ||||
| CVE-2023-49621 | 1 Siemens | 1 Simatic Cn 4100 | 2024-08-02 | 9.8 Critical |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device. | ||||
| CVE-2023-30801 | 1 Qbittorrent | 1 Qbittorrent | 2024-08-02 | 9.8 Critical |
| All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023. | ||||
| CVE-2024-31069 | 2024-08-02 | 7.4 High | ||
| IO-1020 Micro ELD web server uses a default password for authentication. | ||||
| CVE-2024-30210 | 2024-08-02 | 7.4 High | ||
| IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device. | ||||
| CVE-2024-27158 | 2024-08-02 | 7.4 High | ||
| All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-5632 | 2024-08-01 | N/A | ||
| Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged. | ||||