Total
1224 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-0663 | 1 Iodata | 6 Ts-wrla, Ts-wrla Firmware, Ts-wrlp and 3 more | 2018-11-01 | 9.0 HIGH | 8.8 HIGH |
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow a remote authenticated attacker to execute arbitrary OS commands on the device via an unspecified vector. | |||||
CVE-2018-15808 | 1 Posim | 1 Evo | 2018-10-26 | 10.0 HIGH | 9.8 CRITICAL |
POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients. | |||||
CVE-2018-13820 | 1 Ca | 1 Unified Infrastructure Management | 2018-10-19 | 5.0 MEDIUM | 7.5 HIGH |
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | |||||
CVE-2018-13819 | 1 Ca | 1 Unified Infrastructure Management | 2018-10-19 | 5.0 MEDIUM | 7.5 HIGH |
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | |||||
CVE-2018-14943 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2018-10-17 | 10.0 HIGH | 9.8 CRITICAL |
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. | |||||
CVE-2015-4667 | 1 Xceedium | 1 Xsuite | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
Multiple hardcoded credentials in Xsuite 2.x. | |||||
CVE-2014-6617 | 1 Industrial.softing | 2 Fg-100 Pb Profibus, Fg-100 Pb Profibus Firmware | 2018-10-09 | 10.0 HIGH | 9.8 CRITICAL |
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | |||||
CVE-2018-9068 | 2 Ibm, Lenovo | 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more | 2018-09-28 | 5.0 MEDIUM | 7.5 HIGH |
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI. | |||||
CVE-2018-10575 | 1 Watchguard | 6 Ap100, Ap100 Firmware, Ap102 and 3 more | 2018-09-16 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false. | |||||
CVE-2018-0038 | 1 Juniper | 1 Contrail Service Orchestration | 2018-09-06 | 7.5 HIGH | 9.8 CRITICAL |
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra. | |||||
CVE-2018-11641 | 1 Dialogic | 1 Powermedia Xms | 2018-09-04 | 7.5 HIGH | 9.8 CRITICAL |
Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service. | |||||
CVE-2018-10328 | 1 Momentum | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2018-08-30 | 3.3 LOW | 7.4 HIGH |
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream. | |||||
CVE-2018-12924 | 1 Eztcp | 16 Cie-h10, Cie-h10 Firmware, Cie-h12 and 13 more | 2018-08-24 | 10.0 HIGH | 9.8 CRITICAL |
Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service. | |||||
CVE-2018-12526 | 1 Telesquare | 4 Sdt-cs3b1, Sdt-cs3b1 Firmware, Sdt-cw3b1 and 1 more | 2018-08-14 | 10.0 HIGH | 9.8 CRITICAL |
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account. | |||||
CVE-2018-12323 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2018-08-14 | 7.2 HIGH | 6.8 MEDIUM |
An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to log in at the console. | |||||
CVE-2014-3413 | 1 Juniper | 1 Junos Space | 2018-08-10 | 10.0 HIGH | 9.8 CRITICAL |
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access. | |||||
CVE-2018-10813 | 1 Aprendecondedos | 1 Dedos-web | 2018-07-20 | 7.5 HIGH | 7.3 HIGH |
In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation. | |||||
CVE-2018-10966 | 1 Gamerpolls | 1 Gamerpolls | 2018-07-20 | 7.5 HIGH | 7.3 HIGH |
An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard-coded secret. | |||||
CVE-2018-11482 | 1 Tp-link | 8 Ipc Tl-ipc223(p)-6, Ipc Tl-ipc223(p)-6 Firmware, Tl-ipc323k-d and 5 more | 2018-07-05 | 7.5 HIGH | 9.8 CRITICAL |
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. | |||||
CVE-2018-11311 | 1 Myscada | 1 Mypro | 2018-06-26 | 6.4 MEDIUM | 9.1 CRITICAL |
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. |