Total
1364 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9132 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface. | |||||
| CVE-2017-7574 | 1 Schneider-electric | 3 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware, Somachine | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. | |||||
| CVE-2017-11129 | 1 Stashcat | 1 Heinekingmedia | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user. | |||||
| CVE-2017-7462 | 1 Intellinet-network | 2 Nfc-30ir, Nfc-30ir Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. | |||||
| CVE-2017-10616 | 1 Juniper | 1 Contrail | 2025-04-20 | 6.4 MEDIUM | 5.3 MEDIUM |
| The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). | |||||
| CVE-2015-2867 | 1 Trane | 1 Comfortlink Ii Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. | |||||
| CVE-2017-12860 | 1 Epson | 1 Easymp | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector has a hardcoded "backdoor" code (2270), which authenticates to all devices. | |||||
| CVE-2017-12239 | 1 Cisco | 1 Ios Xe | 2025-04-20 | 7.2 HIGH | 6.8 MEDIUM |
| A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132. | |||||
| CVE-2017-3184 | 1 Acti | 1 Camera Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186). | |||||
| CVE-2017-14021 | 1 Korenix | 18 Jetnet5018g Firmware, Jetnet5310g Firmware, Jetnet5428g-2g-2fx Firmware and 15 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks. | |||||
| CVE-2017-6131 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 6 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. | |||||
| CVE-2016-1560 | 1 Exagrid | 16 Ex10000e, Ex10000e Firmware, Ex13000e and 13 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. | |||||
| CVE-2016-10177 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. | |||||
| CVE-2017-14421 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. | |||||
| CVE-2017-12350 | 1 Cisco | 1 Umbrella Insights Virtual Appliance | 2025-04-20 | 7.2 HIGH | 8.2 HIGH |
| A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220. | |||||
| CVE-2017-2283 | 1 Iodata | 2 Wn-g300r3, Wn-g300r3 Firmware | 2025-04-20 | 5.8 MEDIUM | 8.0 HIGH |
| WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | |||||
| CVE-2017-6558 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. | |||||
| CVE-2017-6039 | 1 Phoenixbroadband | 2 Poweragent Sc3 Bms, Poweragent Sc3 Bms Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device. | |||||
| CVE-2017-9932 | 1 Greenpacket | 2 Dx-350, Dx-350 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. | |||||
| CVE-2016-5816 | 1 Westermo | 8 Mrd-305-din, Mrd-305-din Firmware, Mrd-315-din and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. | |||||