Total
1423 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15320 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 9.8 Critical |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. | ||||
| CVE-2020-15319 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. | ||||
| CVE-2020-15318 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree. | ||||
| CVE-2020-15317 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. | ||||
| CVE-2020-15316 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. | ||||
| CVE-2020-15315 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. | ||||
| CVE-2020-15314 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. | ||||
| CVE-2020-15313 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. | ||||
| CVE-2020-15312 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. | ||||
| CVE-2020-14510 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-11-21 | 9.8 Critical |
| GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. | ||||
| CVE-2020-14474 | 1 Cellebrite | 2 Ufed, Ufed Firmware | 2024-11-21 | 7.5 High |
| The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data. | ||||
| CVE-2020-14099 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2024-11-21 | 7.5 High |
| On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password. | ||||
| CVE-2020-13963 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 9.8 Critical |
| SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account). | ||||
| CVE-2020-13858 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations. | ||||
| CVE-2020-13804 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. | ||||
| CVE-2020-13793 | 1 Ivanti | 1 Dsm Netinst | 2024-11-21 | 9.8 Critical |
| Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. | ||||
| CVE-2020-13414 | 1 Aviatrix | 2 Controller, Gateway | 2024-11-21 | 7.5 High |
| An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | ||||
| CVE-2020-13166 | 1 Mylittletools | 1 Mylittleadmin | 2024-11-21 | 9.8 Critical |
| The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code. | ||||
| CVE-2020-12789 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-11-21 | 7.5 High |
| The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. | ||||
| CVE-2020-12627 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.8 Critical |
| Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key. | ||||