Total
1529 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9488 | 1 Cisco | 4 Dpc3939, Dpc3939 Firmware, Dpc3941t and 1 more | 2025-04-20 | N/A |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded credentials. This wan0 interface cannot be accessed from the public Internet. | ||||
| CVE-2016-0726 | 1 Nagios | 1 Nagios | 2025-04-20 | N/A |
| The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | ||||
| CVE-2016-10125 | 1 Dlink | 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more | 2025-04-20 | N/A |
| D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | ||||
| CVE-2016-8567 | 1 Siemens | 1 Sicam Pas\/pqs | 2025-04-20 | 9.8 Critical |
| An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP. | ||||
| CVE-2016-8361 | 1 Lynxspring | 1 Jenesys Bas Bridge | 2025-04-20 | N/A |
| An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication. | ||||
| CVE-2014-8426 | 1 Barracuda | 1 Load Balancer | 2025-04-20 | N/A |
| Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | ||||
| CVE-2017-9132 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2025-04-20 | N/A |
| A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface. | ||||
| CVE-2015-2887 | 1 Ibaby | 2 M3s Baby Monitor, M3s Baby Monitor Firmware | 2025-04-20 | N/A |
| iBaby M3S has a password of admin for the backdoor admin account. | ||||
| CVE-2016-10308 | 1 Siklu | 7 Etherhaul-5500fd, Etherhaul 500tx, Etherhaul 60ghz V-band Radio and 4 more | 2025-04-20 | N/A |
| Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. | ||||
| CVE-2015-2867 | 1 Trane | 1 Comfortlink Ii Firmware | 2025-04-20 | N/A |
| A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. | ||||
| CVE-2016-4457 | 1 Redhat | 2 Cloudforms Management Engine, Cloudforms Managementengine | 2025-04-20 | N/A |
| CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | ||||
| CVE-2017-11743 | 1 Medhost | 1 Connex | 2025-04-20 | N/A |
| MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensitive patient information. The admin account password is hard-coded as $K8t1ng throughout the application, and is the same across all installations. Customers do not have the option to change the Mirth Connect admin account password. The Mirth Connect admin account is created during the Connex install. The plaintext account password is hard-coded multiple times in the Connex install and update scripts. | ||||
| CVE-2016-1560 | 1 Exagrid | 16 Ex10000e, Ex10000e Firmware, Ex13000e and 13 more | 2025-04-20 | N/A |
| ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. | ||||
| CVE-2016-10177 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 9.8 Critical |
| An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. | ||||
| CVE-2016-10179 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 7.5 High |
| An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. | ||||
| CVE-2016-5818 | 1 Schneider-electric | 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware | 2025-04-20 | N/A |
| An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. | ||||
| CVE-2017-8077 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | N/A |
| On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | ||||
| CVE-2016-5816 | 1 Westermo | 8 Mrd-305-din, Mrd-305-din Firmware, Mrd-315-din and 5 more | 2025-04-20 | N/A |
| A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. | ||||
| CVE-2017-11026 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys. | ||||
| CVE-2017-7648 | 1 Foscam | 12 C1, C1 Lite, C2 and 9 more | 2025-04-20 | N/A |
| Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | ||||