Total
1388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12726 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module. | |||||
| CVE-2017-12725 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection. | |||||
| CVE-2017-12724 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections. | |||||
| CVE-2017-12577 | 1 Planex | 3 Cs-qr20, Cs-qr20 Firmware, Smacam Night Vision | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission. | |||||
| CVE-2017-12574 | 1 Planex | 2 Cs-w50hd, Cs-w50hd Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted. | |||||
| CVE-2017-11634 | 1 - | 1 Wireless Ip Camera 360 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456. | |||||
| CVE-2017-11632 | 1 - | 1 Wireless Ip Camera 360 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session. | |||||
| CVE-2016-9495 | 1 Hughes | 8 Dw7000, Dw7000 Firmware, Hn7000s and 5 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices. | |||||
| CVE-2016-9335 | 1 Redlion | 4 Sixnet-managed Industrial Switches, Sixnet-managed Industrial Switches Firmware, Stride-managed Ethernet Switches and 1 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174. | |||||
| CVE-2016-8717 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. | |||||
| CVE-2016-3953 | 1 Web2py | 1 Web2py | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function. | |||||
| CVE-2016-2360 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | |||||
| CVE-2016-2358 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. | |||||
| CVE-2016-2357 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | |||||
| CVE-2016-10928 | 1 Onelogin | 1 Onelogin Saml Sso | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users. | |||||
| CVE-2016-0235 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326. | |||||
| CVE-2015-9254 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Datto ALTO and SIRIS devices have a default VNC password. | |||||
| CVE-2015-7276 | 1 Technicolor | 4 C2000t, C2000t Firmware, C2100t and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Technicolor C2000T and C2100T uses hard-coded cryptographic keys. | |||||
| CVE-2015-3953 | 1 Pifzer | 6 Plum A\+3 Infusion System, Plum A\+3 Infusion System Firmware, Plum A\+ Infusion System and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | |||||
| CVE-2014-9614 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. | |||||