Total
1423 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29376 | 1 Vsolcn | 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@l#y$z%x6x7q8c9z) password for the admin account to authenticate to the TELNET service. | ||||
| CVE-2020-29375 | 1 Vsolcn | 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more | 2024-11-21 | 8.8 High |
| An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user. | ||||
| CVE-2020-29323 | 1 Dlink | 2 Dir-885l-mfc, Dir-885l-mfc Firmware | 2024-11-21 | 7.5 High |
| The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | ||||
| CVE-2020-29322 | 1 Dlink | 2 Dir-880l, Dir-880l Firmware | 2024-11-21 | 7.5 High |
| The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | ||||
| CVE-2020-29321 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-11-21 | 7.5 High |
| The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | ||||
| CVE-2020-29193 | 1 Panasonic | 2 Wv-s2231l, Wv-s2231l Firmware | 2024-11-21 | 6.8 Medium |
| Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order). | ||||
| CVE-2020-29062 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account. | ||||
| CVE-2020-29061 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account. | ||||
| CVE-2020-29060 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account. | ||||
| CVE-2020-29059 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware. | ||||
| CVE-2020-28999 | 1 Mygeeni | 2 Gnc-cw013, Gnc-cw013 Firmware | 2024-11-21 | 7.2 High |
| An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library (libhipcam.so) used to provide the streaming camera service. | ||||
| CVE-2020-28998 | 1 Mygeeni | 2 Gnc-cw013, Gnc-cw013 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. | ||||
| CVE-2020-28952 | 1 Homey | 4 Homey, Homey Firmware, Homey Pro and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely known key that is designed for testing purposes: "01030507090b0d0f00020406080a0c0d" (the decimal equivalent of 1 3 5 7 9 11 13 15 0 2 4 6 8 10 12 13), which is human generated and static across all issued devices. | ||||
| CVE-2020-28395 | 1 Siemens | 16 Scalance Xr324-12m, Scalance Xr324-12m Firmware, Scalance Xr324-12m Ts and 13 more | 2024-11-21 | 5.9 Medium |
| A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. | ||||
| CVE-2020-28391 | 1 Siemens | 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more | 2024-11-21 | 5.9 Medium |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. | ||||
| CVE-2020-28334 | 1 Barco | 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware | 2024-11-21 | 9.8 Critical |
| Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell. | ||||
| CVE-2020-28329 | 1 Barco | 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware | 2024-11-21 | 9.8 Critical |
| Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. | ||||
| CVE-2020-27689 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2024-11-21 | 9.8 Critical |
| The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version. | ||||
| CVE-2020-27278 | 1 Hamilton-medical | 2 Hamilton-t1, Hamilton-t1 Firmware | 2024-11-21 | 5.2 Medium |
| In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface. | ||||
| CVE-2020-27256 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2024-11-21 | 6.8 Medium |
| In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings. | ||||