Total
1450 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4675 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511. | |||||
| CVE-2019-4392 | 1 Hcltech | 1 Appscan | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. | |||||
| CVE-2019-4327 | 1 Hcltech | 1 Appscan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | |||||
| CVE-2019-4309 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. | |||||
| CVE-2019-4220 | 1 Ibm | 2 Infosphere Information Server On Cloud, Watson Knowledge Catalog | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229. | |||||
| CVE-2019-3983 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | |||||
| CVE-2019-3950 | 1 Arlo | 10 Vmb3010, Vmb3010 Firmware, Vmb3500 and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to. | |||||
| CVE-2019-3939 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device. | |||||
| CVE-2019-3938 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords. | |||||
| CVE-2019-3932 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge. | |||||
| CVE-2019-3918 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces. | |||||
| CVE-2019-3908 | 1 Identicard | 1 Premisys Id | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data. | |||||
| CVE-2019-3906 | 1 Identicard | 1 Premisys Id | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents. | |||||
| CVE-2019-3710 | 1 Dell | 1 Emc Networking Os10 | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges. | |||||
| CVE-2019-3497 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | |||||
| CVE-2019-3496 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | |||||
| CVE-2019-3495 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | |||||
| CVE-2019-25021 | 1 Scytl | 1 Secure Vote | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code. | |||||
| CVE-2019-20656 | 1 Netgear | 30 D6200, D6200 Firmware, D7000 and 27 more | 2024-11-21 | 3.3 LOW | 8.8 HIGH |
| Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62. | |||||
| CVE-2019-20471 | 1 Tk-star | 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470. | |||||