Total
1224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25688 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2020-12-08 | 2.7 LOW | 3.5 LOW |
| A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible. | |||||
| CVE-2020-28329 | 1 Barco | 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. | |||||
| CVE-2020-29376 | 1 Vsolcn | 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more | 2020-12-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@l#y$z%x6x7q8c9z) password for the admin account to authenticate to the TELNET service. | |||||
| CVE-2020-29375 | 1 Vsolcn | 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more | 2020-12-03 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user. | |||||
| CVE-2020-29377 | 1 Vsolcn | 2 V1600d, V1600d Firmware | 2020-12-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the the remote attacker. If it matches, access is provided. | |||||
| CVE-2020-28334 | 1 Barco | 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware | 2020-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell. | |||||
| CVE-2020-29383 | 1 Vsolcn | 4 V1600d-mini, V1600d-mini Firmware, V1600d4l and 1 more | 2020-12-01 | 2.1 LOW | 7.8 HIGH |
| An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images. | |||||
| CVE-2020-29382 | 1 Vsolcn | 6 V1600d, V1600d Firmware, V1600g1 and 3 more | 2020-12-01 | 2.1 LOW | 7.8 HIGH |
| An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images. | |||||
| CVE-2020-26509 | 1 Airleader | 3 Airleader Easy, Airleader Master, Airleader Master Control | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service. | |||||
| CVE-2020-5667 | 1 Wantedlyinc | 1 Studyplus | 2020-11-17 | 2.1 LOW | 5.5 MEDIUM |
| Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | |||||
| CVE-2020-11487 | 2 Intel, Nvidia | 4 Bmc Firmware, Dgx-1, Dgx-2 and 1 more | 2020-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may lead to information disclosure. | |||||
| CVE-2020-27689 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2020-11-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version. | |||||
| CVE-2020-11483 | 2 Intel, Nvidia | 3 Bmc Firmware, Dgx-1, Dgx-2 | 2020-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure. | |||||
| CVE-2020-11615 | 2 Intel, Nvidia | 2 Bmc Firmware, Dgx-1 | 2020-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure. | |||||
| CVE-2020-16258 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2020-11-04 | 5.6 MEDIUM | 7.1 HIGH |
| Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials. | |||||
| CVE-2020-26879 | 1 Commscope | 2 Ruckus Iot Module, Ruckus Vriot | 2020-11-02 | 10.0 HIGH | 9.8 CRITICAL |
| Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header. | |||||
| CVE-2020-24215 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2020-10-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution. | |||||
| CVE-2020-24218 | 1 Szuray | 95 Iptv\/h.264 Video Encoder Firmware, Iptv\/h.265 Video Encoder Firmware, Uaioe264-1u and 92 more | 2020-10-19 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file. | |||||
| CVE-2019-9533 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2020-10-16 | 10.0 HIGH | 9.8 CRITICAL |
| The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. | |||||
| CVE-2019-17098 | 1 August | 3 August Home, Connect Wi-fi Bridge, Connect Wi-fi Bridge Firmware | 2020-10-08 | 3.3 LOW | 6.5 MEDIUM |
| Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions. | |||||