Total
1423 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24218 | 1 Szuray | 95 Iptv\/h.264 Video Encoder Firmware, Iptv\/h.265 Video Encoder Firmware, Uaioe264-1u and 92 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file. | ||||
| CVE-2020-24215 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution. | ||||
| CVE-2020-24115 | 1 Online Book Store Project | 1 Online Book Store | 2024-11-21 | 9.8 Critical |
| In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access. | ||||
| CVE-2020-24056 | 1 Verint | 6 4320, 4320 Firmware, 5620ptz and 3 more | 2024-11-21 | 7.5 High |
| A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | ||||
| CVE-2020-24053 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2024-11-21 | 7.5 High |
| Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | ||||
| CVE-2020-21995 | 1 Inim | 12 Smartliving 10100l, Smartliving 10100l Firmware, Smartliving 10100lg3 and 9 more | 2024-11-21 | 9.8 Critical |
| Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system. | ||||
| CVE-2020-1764 | 2 Kiali, Redhat | 3 Kiali, Openshift Service Mesh, Service Mesh | 2024-11-21 | 8.6 High |
| A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration. | ||||
| CVE-2020-1716 | 2 Ceph, Redhat | 2 Ceph-ansible, Ceph Storage | 2024-11-21 | 8.8 High |
| A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph dashboard to initiate read, write, and delete Ceph clusters and also modify Ceph cluster configurations. Versions before ceph-ansible 6.0.0alpha1 are affected. | ||||
| CVE-2020-1615 | 1 Juniper | 2 Junos, Vmx | 2024-11-21 | 9.8 Critical |
| The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. This issue affects Juniper Networks Junos OS: 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX; 17.2 versions prior to 17.2R3-S3 on vMX; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX; 17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX; 18.1 versions prior to 18.1R3-S9 on vMX; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX; 19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX; 19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX; 19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX. | ||||
| CVE-2020-1614 | 1 Juniper | 2 Junos, Nfx250 | 2024-11-21 | 10 Critical |
| A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been configured. This issue affects the Juniper Networks NFX250 Network Services Platform vSRX VNF instance on versions prior to 19.2R1. | ||||
| CVE-2020-16258 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 7.1 High |
| Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials. | ||||
| CVE-2020-16170 | 1 Robotemi | 1 Temi | 2024-11-21 | 7.5 High |
| Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors. | ||||
| CVE-2020-15833 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner. | ||||
| CVE-2020-15382 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 7.2 High |
| Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. | ||||
| CVE-2020-15327 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 7.5 High |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. | ||||
| CVE-2020-15326 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.3 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | ||||
| CVE-2020-15324 | 1 Zyxel | 1 Cloud Cnm Secumanager | 2024-11-21 | 9.8 Critical |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. | ||||
| CVE-2020-15323 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 9.8 Critical |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. | ||||
| CVE-2020-15322 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 9.8 Critical |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. | ||||
| CVE-2020-15321 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 9.8 Critical |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. | ||||