Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6535 | 1 Redhat | 1 Service Interconnect | 2024-07-25 | N/A | 5.3 MEDIUM |
| A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. | |||||
| CVE-2023-40704 | 2024-07-19 | N/A | 7.1 HIGH | ||
| Philips Vue PACS uses default credentials for potentially critical functionality. | |||||
| CVE-2024-5632 | 2024-07-10 | N/A | N/A | ||
| Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged. | |||||
| CVE-2024-27158 | 2024-07-04 | N/A | 7.4 HIGH | ||
| All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-4007 | 2024-07-01 | N/A | 8.8 HIGH | ||
| Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. | |||||
| CVE-2024-5245 | 2024-05-24 | N/A | 7.8 HIGH | ||
| NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755. | |||||
| CVE-2024-4622 | 2024-05-15 | N/A | N/A | ||
| If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator. | |||||
| CVE-2024-30210 | 2024-04-15 | N/A | 7.4 HIGH | ||
| IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device. | |||||
| CVE-2024-31069 | 2024-04-15 | N/A | 7.4 HIGH | ||
| IO-1020 Micro ELD web server uses a default password for authentication. | |||||
| CVE-2024-29844 | 2024-04-15 | N/A | 9.8 CRITICAL | ||
| Default credentials on the Web Interface of Evolution Controller 2.x (123 and 123) allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password. | |||||
| CVE-2023-49621 | 1 Siemens | 1 Simatic Cn 4100 | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device. | |||||
| CVE-2023-30801 | 1 Qbittorrent | 1 Qbittorrent | 2023-11-30 | N/A | 9.8 CRITICAL |
| All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023. | |||||
| CVE-2023-3703 | 1 Proscend | 40 A510-f1, A510-f1 Firmware, A510-l1 and 37 more | 2023-09-07 | N/A | 9.8 CRITICAL |
| Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials | |||||