Total
1390 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4327 | 1 Hcltech | 1 Appscan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | |||||
| CVE-2019-4309 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. | |||||
| CVE-2019-4220 | 1 Ibm | 2 Infosphere Information Server On Cloud, Watson Knowledge Catalog | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229. | |||||
| CVE-2019-3983 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | |||||
| CVE-2019-3950 | 1 Arlo | 10 Vmb3010, Vmb3010 Firmware, Vmb3500 and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to. | |||||
| CVE-2019-3939 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device. | |||||
| CVE-2019-3938 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords. | |||||
| CVE-2019-3932 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge. | |||||
| CVE-2019-3918 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces. | |||||
| CVE-2019-3908 | 1 Identicard | 1 Premisys Id | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data. | |||||
| CVE-2019-3906 | 1 Identicard | 1 Premisys Id | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents. | |||||
| CVE-2019-3710 | 1 Dell | 1 Emc Networking Os10 | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges. | |||||
| CVE-2019-3497 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | |||||
| CVE-2019-3496 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | |||||
| CVE-2019-3495 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | |||||
| CVE-2019-25021 | 1 Scytl | 1 Secure Vote | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code. | |||||
| CVE-2019-20656 | 1 Netgear | 30 D6200, D6200 Firmware, D7000 and 27 more | 2024-11-21 | 3.3 LOW | 8.8 HIGH |
| Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62. | |||||
| CVE-2019-20471 | 1 Tk-star | 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470. | |||||
| CVE-2019-20025 | 1 Nec | 2 Sv9100, Sv9100 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0. | |||||
| CVE-2019-1935 | 1 Cisco | 3 Integrated Management Controller Supervisor, Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database. | |||||