Total
1266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5431 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2019-10-09 | 4.6 MEDIUM | 6.8 MEDIUM |
| Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes. | |||||
| CVE-2019-6698 | 1 Fortinet | 4 Fortirecorder 100d, Fortirecorder 200d, Fortirecorder 400d and 1 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. | |||||
| CVE-2018-16546 | 1 Amcrest | 1 Amcrest Ipc-hx1x3x-lexus Eng N Amcrest | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206. | |||||
| CVE-2018-15360 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2019-10-03 | 7.5 HIGH | 7.3 HIGH |
| An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. | |||||
| CVE-2017-15582 | 1 Writediary | 1 Diary With Lock | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries. | |||||
| CVE-2018-9083 | 1 Lenovo | 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability. | |||||
| CVE-2017-11632 | 1 - | 1 Wireless Ip Camera 360 | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session. | |||||
| CVE-2017-5600 | 1 Netapp | 1 Oncommand Insight | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. | |||||
| CVE-2018-14901 | 1 Epson | 1 Iprint | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services. | |||||
| CVE-2017-8077 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
| CVE-2018-5797 | 1 Extremenetworks | 1 Extremewireless Wing | 2019-10-03 | 3.3 LOW | 7.5 HIGH |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port. | |||||
| CVE-2018-11509 | 1 Asustor | 1 Asustor Data Master | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. | |||||
| CVE-2018-5725 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server. | |||||
| CVE-2017-4976 | 1 Emc | 1 Esrs Policy Manager | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server. | |||||
| CVE-2017-12860 | 1 Epson | 1 Easymp | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector has a hardcoded "backdoor" code (2270), which authenticates to all devices. | |||||
| CVE-2017-11026 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys. | |||||
| CVE-2018-15491 | 1 Zemana | 1 Antilogger | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes). | |||||
| CVE-2017-2720 | 1 Huawei | 1 Fusionsphere Openstack | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure. | |||||
| CVE-2018-18473 | 1 Patlite | 6 Nbm-d88n, Nbm-d88n Firmware, Nhl-3fb1 and 3 more | 2019-09-09 | 10.0 HIGH | 9.8 CRITICAL |
| A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system. | |||||
| CVE-2019-15867 | 1 Omaksolutions | 1 Slick-popup | 2019-09-06 | 6.5 MEDIUM | 8.8 HIGH |
| The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action. | |||||