Total
1524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10308 | 1 Siklu | 7 Etherhaul-5500fd, Etherhaul 500tx, Etherhaul 60ghz V-band Radio and 4 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. | |||||
| CVE-2014-8426 | 1 Barracuda | 1 Load Balancer | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | |||||
| CVE-2017-4976 | 1 Emc | 1 Esrs Policy Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server. | |||||
| CVE-2017-9852 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | |||||
| CVE-2017-7462 | 1 Intellinet-network | 2 Nfc-30ir, Nfc-30ir Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. | |||||
| CVE-2017-12317 | 1 Cisco | 1 Advanced Malware Protection | 2025-04-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904. | |||||
| CVE-2017-11380 | 1 Trendmicro | 1 Deep Discovery Director | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | |||||
| CVE-2017-14374 | 1 Dell | 1 Storage Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance). | |||||
| CVE-2017-6054 | 1 Hyundaiusa | 1 Blue Link | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information. | |||||
| CVE-2017-6131 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 6 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. | |||||
| CVE-2022-37832 | 1 Mutiny | 1 Mutiny | 2025-04-18 | N/A | 9.8 CRITICAL |
| Mutiny 7.2.0-10788 suffers from Hardcoded root password. | |||||
| CVE-2021-22644 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | N/A | 7.5 HIGH |
| Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. | |||||
| CVE-2022-36222 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2025-04-16 | N/A | 8.4 HIGH |
| Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. | |||||
| CVE-2024-22083 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | N/A | 6.5 MEDIUM |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks. | |||||
| CVE-2023-41612 | 1 Govicture | 2 Pc420, Pc420 Firmware | 2025-04-14 | N/A | 8.8 HIGH |
| Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card. | |||||
| CVE-2023-41611 | 1 Govicture | 2 Pc420, Pc420 Firmware | 2025-04-14 | N/A | 6.5 MEDIUM |
| Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data. | |||||
| CVE-2023-41610 | 1 Govicture | 2 Pc420, Pc420 Firmware | 2025-04-14 | N/A | 8.8 HIGH |
| Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext. | |||||
| CVE-2022-45425 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2025-04-14 | N/A | 7.5 HIGH |
| Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability. | |||||
| CVE-2016-3685 | 3 Apple, Microsoft, Sap | 3 Macos, Windows, Download Manager | 2025-04-12 | 1.9 LOW | 4.7 MEDIUM |
| SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338. | |||||
| CVE-2016-5333 | 1 Vmware | 1 Photon Os | 2025-04-12 | 9.3 HIGH | 9.8 CRITICAL |
| VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | |||||