High
CVE-2021-45033
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All v…
Tag: Default Credentials
All CVEs associated with "Default Credentials". Page 3/5 • 518 CVEs.
Subscribe CVEs: RSS for “Default Credentials” · RSS (High+Critical only)
About “Default Credentials”
A curated feed of “Default Credentials”-related CVEs appears below. We currently track 518 CVEs for this tag (all time). In the last 365 days, 100 were published. Average CVSS is 8.4 (all time; 8.0 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-1392 - Use of Default Credentials, CWE-798 - Use of Hard-coded Credentials, CWE-1393 - Use of Default Password.
In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2022-01-11
2021-12-30
Medium
CVE-2021-20168
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connec…
2021-12-13
High
CVE-2021-39064
IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-…
2021-12-08
Medium
CVE-2021-36718
SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of eharmony system with sensetive data (Employee name, Employee ID number, Wor…
2021-12-07
Critical
CVE-2021-38759
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
2021-12-01
High
CVE-2021-44480
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated b…
2021-11-04
Critical
CVE-2021-40113
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remot…
Critical
CVE-2021-40112
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remot…
Critical
CVE-2021-34795
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remot…
2021-10-12
Critical
CVE-2021-38456
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords
2021-08-05
Critical
CVE-2021-35327
A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request.
2021-08-02
Critical
CVE-2021-37167
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using t…
2021-07-26
Critical
CVE-2021-37555
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password…
2021-07-16
Critical
CVE-2021-35961
Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and o…
2021-07-07
Critical
CVE-2021-32535
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerabil…
2021-06-16
High
CVE-2021-31477
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific fl…
High
CVE-2021-34203
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this funct…
2021-05-28
High
CVE-2020-1716
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this…
2021-05-06
Critical
CVE-2021-28152
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superz…
High
CVE-2021-21505
Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default cre…
2021-05-04
High
CVE-2020-21999
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell…
2021-04-29
High
CVE-2020-21992
Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called…
2021-02-08
Medium
CVE-2020-11915
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface…
2021-02-01
High
CVE-2019-20471
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no p…
High
CVE-2019-20470
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the w…
2021-01-26
High
CVE-2021-25863
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
2020-12-31
Critical
CVE-2020-25848
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.
2020-12-22
Critical
CVE-2018-15632
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can…
2020-12-14
Medium
CVE-2020-0019
In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction i…
High
CVE-2020-0016
In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction…
2020-11-24
Critical
CVE-2020-4001
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to t…
2020-11-18
Critical
CVE-2020-26097
The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the…
2020-11-17
Critical
CVE-2020-27555
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user.
2020-11-16
Critical
CVE-2020-26510
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.
High
CVE-2020-26509
Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service.
2020-10-28
High
CVE-2020-16258
Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials.
2020-10-20
Medium
CVE-2020-6369
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords fo…
2020-10-12
Critical
CVE-2019-17444
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely…
2020-09-24
High
CVE-2020-24365
An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on t…
2020-09-11
High
CVE-2020-25252
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user,…
2020-09-01
Critical
CVE-2020-5777
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger…
2020-08-13
Medium
CVE-2020-11733
An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metac…
2020-08-06
Critical
CVE-2020-7357
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user…
2020-07-23
Critical
CVE-2020-11624
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change th…
2020-07-15
Critical
CVE-2020-10287
The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set…
2020-06-29
Critical
CVE-2020-15323
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.
2020-06-24
Critical
CVE-2020-10275
The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly…
High
CVE-2020-10274
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related fl…
2020-06-08
Critical
CVE-2020-12773
A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the…
2020-06-03
High
CVE-2020-3234
A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers…
2020-05-20
Medium
CVE-2020-5365
Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account…
2020-05-07
Critical
CVE-2020-4429
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and exec…
2020-04-17
Critical
CVE-2020-11878
The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts.
2020-04-08
Critical
CVE-2020-1615
The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attac…
2020-04-07
High
CVE-2019-13554
GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authenticated session using generic default credentials. GE recommends that users disable the Telnet service.
2020-02-27
High
CVE-2020-3923
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system.
2020-02-21
High
CVE-2020-9330
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gain…
2020-02-19
High
CVE-2019-1950
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default…
Critical
CVE-2014-9614
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.
2019-12-23
Critical
CVE-2019-7488
Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version…
2019-12-13
Critical
CVE-2019-16734
Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
Critical
CVE-2014-0175
mcollective has a default password set at install
2019-12-12
Critical
CVE-2019-10694
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlo…
2019-12-02
Critical
CVE-2019-19492
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
2019-12-01
High
CVE-2019-19469
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak defau…
2019-10-17
Critical
CVE-2019-13657
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise syste…
2019-10-02
Critical
CVE-2019-13658
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
2019-09-24
Medium
CVE-2018-9090
CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret…
2019-08-26
Critical
CVE-2019-15497
Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH,…
Critical
CVE-2019-4169
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.
Critical
CVE-2019-15304
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumente…
2019-08-21
Critical
CVE-2019-1935
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in t…
2019-08-08
Medium
CVE-2019-1953
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to i…
2019-07-30
High
CVE-2017-18381
The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
Critical
CVE-2019-11202
An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a d…
2019-07-07
High
CVE-2019-13379
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?actio…
2019-07-05
Critical
CVE-2018-14528
Invoxia NVX220 devices allow TELNET access as admin with a default password.
2019-07-03
Critical
CVE-2017-8229
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using b…
Critical
CVE-2017-8226
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmwa…
2019-07-02
Critical
CVE-2019-7252
Linear eMerge E3-Series devices have Default Credentials.
2019-07-01
Critical
CVE-2019-7271
Nortek Linear eMerge 50P/5000P devices have Default Credentials.
Critical
CVE-2019-7668
Prima Systems FlexAir devices have Default Credentials.
2019-06-27
High
CVE-2019-7227
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An…
2019-06-07
Critical
CVE-2018-10698
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff…
2019-05-23
Critical
CVE-2019-10850
Computrols CBAS 18.0.0 has Default Credentials.
2019-05-13
High
CVE-2018-4017
An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the devic…
2019-05-03
High
CVE-2019-1859
A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to passw…
2019-05-02
High
CVE-2017-18374
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the userna…
High
CVE-2017-18373
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username tr…
Critical
CVE-2017-18371
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and…
2019-04-30
Critical
CVE-2019-3939
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use t…
2019-04-11
Critical
CVE-2019-9733
An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifacto…
2019-04-02
Critical
CVE-2018-19275
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrar…
2019-03-21
Critical
CVE-2018-18473
A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09…
2019-02-12
High
CVE-2019-1688
A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) c…
2019-02-09
Critical
CVE-2009-5154
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.
2019-02-08
High
CVE-2019-7632
LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The li…
2019-01-18
Critical
CVE-2019-3909
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
2018-12-12
Critical
CVE-2018-15719
Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all d…
2018-12-06
High
CVE-2018-19911
FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on…
2018-11-26
High
CVE-2018-19537
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF…
2018-11-19
High
CVE-2018-17906
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to comp…
2018-11-02
High
CVE-2018-11062
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privil…
2018-10-30
High
CVE-2018-10532
An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the "core_app" binary utilised by the EE router for netw…
2018-10-10
Medium
CVE-2018-17919
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access…
2018-10-01
High
CVE-2018-10605
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to co…
2018-09-20
High
CVE-2018-16752
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the d…
2018-08-23
High
CVE-2018-15748
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenti…
2018-08-17
High
CVE-2018-15360
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.
Critical
CVE-2018-15350
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router.
2018-08-05
Critical
CVE-2018-14943
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.
2018-07-30
High
CVE-2018-10898
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily gues…
2018-07-13
High
CVE-2016-9495
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of…
Critical
CVE-2016-6554
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A re…
Critical
CVE-2016-6553
Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulne…
Critical
CVE-2016-6552
Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.
Critical
CVE-2016-6551
Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access…
2018-07-05
High
CVE-2018-10987
An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a special…
2018-06-28
Critical
CVE-2018-12924
Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service.
2018-05-14
Medium
CVE-2018-10989
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0…