CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| High | HPE VAN SDN 2.7.18.0503 Remote Root | 28.06.2018 | KoreLogic |
| High | HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root | 27.06.2018 | Matthew Bergin |
| High | Solarwinds LEM 6.3.1 Hardcoded Credentials | 25.04.2017 | Matt Bergin |
| High | Cisco Firepower Threat Management Console Hard-Coded MySQL Credentials | 06.10.2016 | Matt Bergin |
| High | AVer Information EH6108H+ Authentication Bypass / Information Exposure | 28.09.2016 | Multiple |
| High | Seagate GoFlex Satellite Remote Telnet Default Password | 19.12.2015 | Matt Bergin |
| High | ZTE ZXHN H108N R1A / ZXV10 W300 Traversal / Disclosure / Authorization | 21.11.2015 | Karn Ganeshen |
| High | SAP NetWeaver AS FKCDBFTRACE ABAP Hardcoded Credentials | 10.09.2015 | Rustem Gazizov, Diana ... |
| High | SAP NetWeaver AS LSCT1I13 ABAP Hardcoded Credentials | 10.09.2015 | Rustem Gazizov, Diana ... |
| High | AirLink101 SkyIPCam1620W OS Command Injection | 09.07.2015 | CORE |
| Low | SAP FI Manager Self-Service Hardcoded Username | 30.07.2014 | Onapsis |
| Med. | SAP Hard-Coded Credentials | 07.06.2014 | Ezequiel Gutesman |
| High | ZTE ZXV10 W300 router contains hardcoded credentials | 09.02.2014 | USCERT |
| Med. | Franklin Fuelings T550 Evo Access Control / Credentials | 22.01.2014 | Matt Jakubowski |
| High | TP-Link IP Cameras multiple vulnerabilities | 28.05.2013 | CORE |
| High | Zavio IP Cameras multiple vulnerabilities | 28.05.2013 | CORE |
| High | D-Link IP Cameras Injection & Bypass | 30.04.2013 | CORE |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|------|------|-----|---------|-------------|
| 2019-03-21 | High | CVE-2018-20219 | Vendor: Teracue; Software: Enc-400 hdmi... | An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the device's web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged. |
| 2019-03-21 | Low | CVE-2018-17492 | Vendor: Hidglobal; Software: Easylobby solo | EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. |
| 2019-03-05 | High | CVE-2019-3918 | Vendor: Nokia; Software: I-240w-q gpo... | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces. |
| 2019-02-21 | Medium | CVE-2018-1944 | Updating... | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153386. |
| 2019-02-13 | High | CVE-2018-15781 | Updating... | The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contains a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text. |
| 2019-02-12 | Medium | CVE-2019-1688 | Vendor: Cisco; Software: Network assu... | A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1). |
| 2019-02-09 | High | CVE-2009-5154 | Vendor: Mobotix; Software: S14 firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. |
| 2019-02-07 | High | CVE-2019-1675 | Vendor: Cisco; Software: Aironet acti... | A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker could exploit this vulnerability by guessing the account name and password to access the CLI. A successful exploit could allow the attacker to reboot the device repeatedly, creating a denial of service (DoS) condition. It is not possible to change the configuration or view sensitive data with this account. Versions prior to DNAC1.2.8 are affected. |
| 2019-02-05 | Medium | CVE-2018-18998 | Updating... | LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges. |
| 2019-01-31 | Medium | CVE-2018-5560 | Vendor: Guardzilla; Software: Gz521w firmware | A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device. |
 

 


Copyright 2019, cxsecurity.com

 
