Search Results (1730 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10179 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.
CVE-2016-10177 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 9.8 Critical
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.
CVE-2016-0726 1 Nagios 1 Nagios 2025-04-20 N/A
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
CVE-2017-3222 1 Inmarsat 1 Amosconnect 2025-04-20 9.8 Critical
Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.
CVE-2017-3184 1 Acti 1 Camera Firmware 2025-04-20 N/A
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186).
CVE-2016-8754 1 Huawei 2 Oceanstor 5600 V3, Oceanstor 5600 V3 Firmware 2025-04-20 N/A
Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH.
CVE-2015-4667 1 Xceedium 1 Xsuite 2025-04-20 N/A
Multiple hardcoded credentials in Xsuite 2.x.
CVE-2017-9488 1 Cisco 4 Dpc3939, Dpc3939 Firmware, Dpc3941t and 1 more 2025-04-20 N/A
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded credentials. This wan0 interface cannot be accessed from the public Internet.
CVE-2017-7648 1 Foscam 12 C1, C1 Lite, C2 and 9 more 2025-04-20 N/A
Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVE-2016-5818 1 Schneider-electric 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware 2025-04-20 N/A
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device.
CVE-2016-8491 1 Fortinet 1 Fortiwlc 2025-04-20 N/A
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
CVE-2016-1560 1 Exagrid 16 Ex10000e, Ex10000e Firmware, Ex13000e and 13 more 2025-04-20 N/A
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.
CVE-2016-8954 1 Ibm 1 Dashdb Local 2025-04-20 N/A
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.
CVE-2017-11129 1 Stashcat 1 Heinekingmedia 2025-04-20 N/A
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user.
CVE-2016-8567 1 Siemens 1 Sicam Pas\/pqs 2025-04-20 9.8 Critical
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP.
CVE-2015-2887 1 Ibaby 2 M3s Baby Monitor, M3s Baby Monitor Firmware 2025-04-20 N/A
iBaby M3S has a password of admin for the backdoor admin account.
CVE-2015-2882 1 Philips 1 In.sight B120\\37 2025-04-20 N/A
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.
CVE-2015-2881 1 Gynoii 3 Gcw-1010, Gcw-1020, Gpw-1025 2025-04-20 N/A
Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.
CVE-2017-5600 1 Netapp 1 Oncommand Insight 2025-04-20 N/A
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account.
CVE-2017-14143 1 Kaltura 1 Kaltura Server 2025-04-20 N/A
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.