Total
1224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8415 | 1 Dlink | 4 Dcs-1100, Dcs-1100 Firmware, Dcs-1130 and 1 more | 2021-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the user at address 0x000538E0 and performs a strcmp at address 0x00053908 to check if the password is correct or incorrect. However, the /etc/shadow file is a part of CRAM-FS filesystem which means that the user cannot change the password and hence a hardcoded hash in /etc/shadow is used to match the credentials provided by the user. This is a salted hash of the string "admin" and hence it acts as a password to the device which cannot be changed as the whole filesystem is read only. | |||||
| CVE-2016-10179 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. | |||||
| CVE-2016-10177 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2021-04-23 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. | |||||
| CVE-2018-18007 | 1 Dlink | 2 Dsl-2770l, Dsl-2770l Firmware | 2021-04-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. | |||||
| CVE-2018-6210 | 1 Dlink | 2 Dir-620, Dir-620 Firmware | 2021-04-23 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. | |||||
| CVE-2017-11436 | 1 Dlink | 1 Dir-615 | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. | |||||
| CVE-2019-10881 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled. | |||||
| CVE-2018-18009 | 1 Dlink | 4 Dir-140l, Dir-140l Firmware, Dir-640l and 1 more | 2021-04-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. | |||||
| CVE-2020-14099 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2021-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password. | |||||
| CVE-2019-13658 | 1 Broadcom | 1 Network Flow Analysis | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | |||||
| CVE-2016-2310 | 1 Ge | 8 Multilink Firmware, Multilink Ml1200, Multilink Ml1600 and 5 more | 2021-03-29 | 10.0 HIGH | 9.8 CRITICAL |
| General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. | |||||
| CVE-2020-27278 | 1 Hamilton-medical | 2 Hamilton-t1, Hamilton-t1 Firmware | 2021-03-22 | 3.6 LOW | 5.2 MEDIUM |
| In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface. | |||||
| CVE-2020-28952 | 1 Homey | 4 Homey, Homey Firmware, Homey Pro and 1 more | 2021-03-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely known key that is designed for testing purposes: "01030507090b0d0f00020406080a0c0d" (the decimal equivalent of 1 3 5 7 9 11 13 15 0 2 4 6 8 10 12 13), which is human generated and static across all issued devices. | |||||
| CVE-2020-29060 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account. | |||||
| CVE-2020-29059 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware. | |||||
| CVE-2020-29062 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account. | |||||
| CVE-2020-29061 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account. | |||||
| CVE-2021-20442 | 2 Ibm, Microsoft | 2 Security Verify Bridge, Windows | 2021-03-08 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618. | |||||
| CVE-2019-25021 | 1 Scytl | 1 Secure Vote | 2021-03-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code. | |||||
| CVE-2020-7846 | 1 Cnesty | 1 Helpcom | 2021-02-27 | 6.8 MEDIUM | 8.8 HIGH |
| Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page. | |||||