Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39584 | 1 Dell | 40 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R13 and 37 more | 2024-12-20 | N/A | 8.2 HIGH |
| Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution. | |||||
| CVE-2024-10476 | 2024-12-17 | N/A | 8.0 HIGH | ||
| Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys™ Informatics Solution is only in scope of this vulnerability when installed on a NUC server. BD Synapsys™ Informatics Solution installed on a customer-provided virtual machine or on the BD Kiestra™ SCU hardware is not in scope. | |||||
| CVE-2024-12286 | 2024-12-10 | N/A | 9.8 CRITICAL | ||
| MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials. | |||||
| CVE-2024-45068 | 2024-12-03 | N/A | 7.1 HIGH | ||
| Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01. | |||||
| CVE-2024-7898 | 1 Tosei-corporation | 1 Online Store Management System | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6535 | 1 Redhat | 1 Service Interconnect | 2024-11-21 | N/A | 5.3 MEDIUM |
| A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. | |||||
| CVE-2024-5632 | 2024-11-21 | N/A | N/A | ||
| Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged. | |||||
| CVE-2024-4007 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. | |||||
| CVE-2024-31069 | 2024-11-21 | N/A | 7.4 HIGH | ||
| IO-1020 Micro ELD web server uses a default password for authentication. | |||||
| CVE-2024-28093 | 2024-11-21 | N/A | 8.8 HIGH | ||
| The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. | |||||
| CVE-2024-27158 | 2024-11-21 | N/A | 7.4 HIGH | ||
| All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2023-49621 | 1 Siemens | 1 Simatic Cn 4100 | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device. | |||||
| CVE-2023-3703 | 1 Proscend | 40 A510-f1, A510-f1 Firmware, A510-l1 and 37 more | 2024-11-21 | N/A | 10.0 CRITICAL |
| Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials | |||||
| CVE-2023-30603 | 1 Hitrontech | 2 Coda-5310, Coda-5310 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service. | |||||
| CVE-2024-6245 | 2024-11-07 | N/A | 7.4 HIGH | ||
| Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay: 66T0.05.50. | |||||
| CVE-2024-39747 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-09-16 | N/A | 9.8 CRITICAL |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. | |||||
| CVE-2024-7746 | 1 Traccar | 1 Traccar | 2024-08-22 | N/A | 9.8 CRITICAL |
| Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism. These transactions could have an impact on any sensitive aspect of the platform, including Confidentiality, Integrity and Availability. | |||||