CVE Daily
← All tags

Tag: Default Credentials

All CVEs associated with "Default Credentials". Page 4/5 • 518 CVEs.

Subscribe CVEs: RSS for “Default Credentials”  ·  RSS (High+Critical only)

About “Default Credentials”

A curated feed of “Default Credentials”-related CVEs appears below. We currently track 518 CVEs for this tag (all time). In the last 365 days, 100 were published. Average CVSS is 8.4 (all time; 8.0 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-1392 - Use of Default Credentials, CWE-798 - Use of Hard-coded Credentials, CWE-1393 - Use of Default Password.

In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2018-05-10
Critical

CVE-2018-9112

A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the e…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2018-04-05
Medium

CVE-2017-12095

An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default cred…

CVSS: 6.5 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
2018-03-22
Medium

CVE-2017-17743

Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote att…

CVSS: 6.7 CWE: CWE-287 - Improper Authentication View on NVD
2018-03-10
High

CVE-2018-6312

A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interfa…

CVSS: 7.2 CWE: CWE-521 - Weak Password Requirements View on NVD
2018-02-22
Critical

CVE-2018-0130

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative acce…

CVSS: 9.8 CWE: CWE-264 View on NVD
2018-02-12
High

CVE-2018-1214

Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account al…

CVSS: 7.0 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2018-01-08
High

CVE-2018-5266

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: defau…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-12-22
Critical

CVE-2017-16727

A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user c…

CVSS: 9.1 CWE: CWE-255 View on NVD
2017-12-16
Critical

CVE-2017-3186

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a dev…

CVSS: 9.8 CWE: CWE-521 - Weak Password Requirements View on NVD
Critical

CVE-2017-3184

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2017-11-06
High

CVE-2017-16565

Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arb…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2017-09-20
Critical

CVE-2017-8772

On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file syst…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Critical

CVE-2017-8771

On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-09-13
Critical

CVE-2017-11351

Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-08-28
High

CVE-2016-7030

FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in whi…

CVSS: 7.5 CWE: CWE-255 View on NVD
2017-08-05
Critical

CVE-2017-9852

An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwo…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-07-21
Critical

CVE-2017-9932

Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-07-17
Critical

CVE-2017-8011

EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Pac…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-07-09
Critical

CVE-2017-4976

EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-07-06
Critical

CVE-2017-6713

A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due t…

CVSS: 9.8 CWE: CWE-264 View on NVD
2017-06-13
High

CVE-2017-6688

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerabil…

CVSS: 8.8 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
High

CVE-2017-6687

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default cr…

CVSS: 8.8 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
High

CVE-2017-6686

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affecte…

CVSS: 8.8 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
High

CVE-2017-6685

A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device,…

CVSS: 8.8 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
High

CVE-2017-6684

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulner…

CVSS: 8.8 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
2017-06-06
Critical

CVE-2016-0726

The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge o…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-05-22
Medium

CVE-2017-2162

FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless…

CVSS: 4.3 CWE: N/A View on NVD
2017-05-21
High

CVE-2017-9137

Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both…

CVSS: 7.3 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
2017-04-24
Critical

CVE-2015-7246

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obt…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-04-21
Critical

CVE-2016-1560

ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-04-13
Critical

CVE-2015-8282

SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.

CVSS: 9.8 CWE: CWE-255 View on NVD
2017-04-06
Critical

CVE-2017-3834

A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete contr…

CVSS: 9.8 CWE: CWE-255 View on NVD
2017-04-04
Medium

CVE-2017-7306

Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging kn…

CVSS: 6.4 CWE: CWE-521 - Weak Password Requirements View on NVD
2017-03-30
Critical

CVE-2016-10307

Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but t…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Critical

CVE-2016-10306

Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UN…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Critical

CVE-2016-10305

Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-03-08
Critical

CVE-2017-5178

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is insta…

CVSS: 9.8 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
2017-02-13
High

CVE-2017-5155

An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compr…

CVSS: 7.3 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
2017-01-04
Critical

CVE-2016-10115

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default passw…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2016-12-09
Critical

CVE-2016-6829

The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, whic…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2016-09-21
Critical

CVE-2016-6530

Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of t…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2016-09-18
Critical

CVE-2016-0930

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH…

CVSS: 9.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2016-05-31
High

CVE-2016-2286

Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePor…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2016-04-25
Critical

CVE-2016-2331

The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access vi…

CVSS: 9.8 CWE: CWE-255 View on NVD
2016-04-11
High

CVE-2015-5329

The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for rem…

CVSS: 7.3 CWE: CWE-264 View on NVD
2016-01-12
Critical

CVE-2015-8611

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Managem…

CVSS: 9.8 CWE: CWE-255 View on NVD
2015-12-31
High

CVE-2015-7283

The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative pr…

CVSS: 8.1 CWE: CWE-255 View on NVD
Critical

CVE-2015-7280

The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative priv…

CVSS: 9.8 CWE: CWE-255 View on NVD
Critical

CVE-2015-7277

The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative…

CVSS: 9.8 CWE: CWE-255 View on NVD
Critical

CVE-2015-6016

ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows re…

CVSS: 9.8 CWE: CWE-255 View on NVD
Medium

CVE-2015-5994

The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the media…

CVSS: 6.8 CWE: CWE-255 View on NVD
Critical

CVE-2015-2874

Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root acc…

CVSS: 9.8 CWE: CWE-255 View on NVD
2015-12-28
High

CVE-2015-6850

EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session.

CVSS: 8.4 CWE: CWE-264 View on NVD
2015-10-28
High

CVE-2015-3968

The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21.

CVSS: 7.5 CWE: CWE-255 View on NVD
2015-10-16
Critical

CVE-2015-7856

OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.

CVSS: 10.0 CWE: CWE-255 View on NVD
2015-09-21
High

CVE-2015-2915

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote…

CVSS: 7.3 CWE: CWE-255 View on NVD
2015-08-04
Critical

CVE-2014-9736

GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststor…

CVSS: 10.0 CWE: CWE-255 View on NVD
Critical

CVE-2014-7233

GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and A…

CVSS: 10.0 CWE: CWE-255 View on NVD
Critical

CVE-2012-6693

GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vecto…

CVSS: 10.0 CWE: CWE-255 View on NVD
Critical

CVE-2011-5322

GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the vie…

CVSS: 10.0 CWE: CWE-255 View on NVD
Critical

CVE-2010-5309

GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors.

CVSS: 10.0 CWE: CWE-255 View on NVD
Critical

CVE-2010-5306

GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors.

CVSS: 10.0 CWE: CWE-255 View on NVD
Critical

CVE-2006-7253

GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency use…

CVSS: 10.0 CWE: CWE-255 View on NVD
Critical

CVE-2003-1603

GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has u…

CVSS: 10.0 CWE: CWE-255 View on NVD
Critical

CVE-2002-2445

GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the r…

CVSS: 10.0 CWE: N/A View on NVD
2015-04-10
Critical

CVE-2015-1842

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary she…

CVSS: 10.0 CWE: CWE-255 View on NVD
2015-04-05
Medium

CVE-2015-0529

EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive…

CVSS: 5.0 CWE: CWE-255 View on NVD
2015-01-17
High

CVE-2015-0924

Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session.

CVSS: 7.8 CWE: CWE-255 View on NVD
2015-01-16
Critical

CVE-2014-3692

The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote at…

CVSS: 10.0 CWE: CWE-255 View on NVD
2014-12-18
Critical

CVE-2014-9406

ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access…

CVSS: 10.0 CWE: CWE-255 View on NVD
2014-12-02
Critical

CVE-2014-9183

ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.

CVSS: 10.0 CWE: CWE-255 View on NVD
2014-11-06
Critical

CVE-2014-8656

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the roo…

CVSS: 10.0 CWE: CWE-255 View on NVD
2014-08-12
Medium

CVE-2007-6756

ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cau…

CVSS: 4.9 CWE: CWE-255 View on NVD
2014-07-16
High

CVE-2014-4018

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 7.8 CWE: CWE-255 View on NVD
2014-07-15
High

CVE-2014-3419

Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.

CVSS: 7.2 CWE: CWE-255 View on NVD
2014-02-26
Medium

CVE-2014-0842

The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remo…

CVSS: 5.0 CWE: CWE-255 View on NVD
2014-01-10
High

CVE-2014-1408

The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as…

CVSS: 7.8 CWE: CWE-255 View on NVD
2013-08-09
Critical

CVE-2013-4031

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPle…

CVSS: 10.0 CWE: CWE-255 View on NVD
2013-08-08
Critical

CVE-2013-3454

Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which ma…

CVSS: 10.0 CWE: CWE-255 View on NVD
2013-06-30
Critical

CVE-2013-4735

The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier f…

CVSS: 10.0 CWE: CWE-264 View on NVD
High

CVE-2013-2342

The HP StoreOnce D2D backup system with software before 3.0.0 has a default password of badg3r5 for the HPSupport account, which allows remote attackers to obtain administrative access and delete dat…

CVSS: 7.7 CWE: CWE-255 View on NVD
2013-04-11
High

CVE-2013-1170

The Cisco Prime Network Control System (NCS) appliance with software before 1.1.1.24 has a default password for the database user account, which makes it easier for remote attackers to change the con…

CVSS: 7.5 CWE: CWE-255 View on NVD
2013-04-04
Critical

CVE-2013-2762

The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions…

CVSS: 10.0 CWE: CWE-255 View on NVD
2012-09-07
Critical

CVE-2012-4879

The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a def…

CVSS: 10.0 CWE: CWE-255 View on NVD
Critical

CVE-2012-3013

WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote att…

CVSS: 10.0 CWE: CWE-255 View on NVD
2012-08-29
High

CVE-2012-3579

Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.

CVSS: 7.9 CWE: CWE-264 View on NVD
2012-08-06
High

CVE-2012-3020

The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrativ…

CVSS: 7.5 CWE: CWE-255 View on NVD
2012-07-31
High

CVE-2012-3951

The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows r…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2012-03-22
High

CVE-2012-1844

The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape li…

CVSS: 7.5 CWE: CWE-255 View on NVD
2012-02-03
Critical

CVE-2011-4509

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced;…

CVSS: 10.0 CWE: CWE-264 View on NVD
2012-01-19
Critical

CVE-2011-4659

Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to mod…

CVSS: 10.0 CWE: CWE-264 View on NVD
2011-11-12
Medium

CVE-2011-4048

The Dell KACE K2000 System Deployment Appliance has a default username and password for the read-only reporting account, which makes it easier for remote attackers to obtain sensitive information fro…

CVSS: 4.3 CWE: CWE-255 View on NVD
2011-08-29
Critical

CVE-2011-2555

Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH…

CVSS: 10.0 CWE: CWE-255 View on NVD
2011-02-08
Critical

CVE-2011-0885

A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attac…

CVSS: 10.0 CWE: CWE-255 View on NVD
2011-01-12
High

CVE-2011-0423

The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP sessi…

CVSS: 7.5 CWE: CWE-255 View on NVD
2010-12-09
High

CVE-2009-5021

Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password.

CVSS: 7.5 CWE: CWE-255 View on NVD
2010-11-22
Critical

CVE-2010-3038

Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier f…

CVSS: 10.0 CWE: CWE-255 View on NVD
2010-11-17
Critical

CVE-2010-4233

The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default passw…

CVSS: 10.0 CWE: CWE-255 View on NVD
2010-10-26
Medium

CVE-2010-4094

The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by l…

CVSS: 5.0 CWE: CWE-255 View on NVD
2010-10-18
Critical

CVE-2010-0219

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier…

CVSS: 10.0 CWE: CWE-255 View on NVD
2010-07-22
High

CVE-2009-4945

AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php.

CVSS: 7.5 CWE: CWE-255 View on NVD
2010-06-25
Medium

CVE-2010-2469

The Linear eMerge 50 and 5000 uses a default password of eMerge for the IEIeMerge account, which makes it easier for remote attackers to obtain Video Recorder data by establishing a session to the de…

CVSS: 5.0 CWE: CWE-255 View on NVD
2010-05-27
Critical

CVE-2010-0595

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Med…

CVSS: 10.0 CWE: CWE-255 View on NVD
2010-04-20
High

CVE-2009-4770

The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged acce…

CVSS: 7.5 CWE: CWE-255 View on NVD
2010-03-05
Critical

CVE-2010-0570

Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default password for the Tomcat administration account, which makes it easier for remote attackers to execute arbitrary code via a crafted web…

CVSS: 10.0 CWE: CWE-255 View on NVD
2009-12-30
Critical

CVE-2009-4463

Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of serv…

CVSS: 10.0 CWE: CWE-255 View on NVD
2009-12-03
Critical

CVE-2009-4189

HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestr…

CVSS: 10.0 CWE: CWE-255 View on NVD
Critical

CVE-2009-4188

HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct un…

CVSS: 10.0 CWE: CWE-255 View on NVD
2009-11-12
High

CVE-2009-3548

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attack…

CVSS: 7.5 CWE: CWE-255 View on NVD
2009-08-19
Critical

CVE-2008-6993

Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details a…

CVSS: 10.0 CWE: CWE-310 View on NVD
2009-07-01
Critical

CVE-2009-2271

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the teln…

CVSS: 10.0 CWE: CWE-255 View on NVD
2009-06-04
Critical

CVE-2008-6824

The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.

CVSS: 10.0 CWE: CWE-310 View on NVD
2009-05-14
High

CVE-2009-1465

Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default password for the admin account, which makes it easier for remote attackers to obtain access.

CVSS: 7.5 CWE: CWE-255 View on NVD
2009-04-15
High

CVE-2009-1000

The Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 uses default passwords for unspecified "FND Applications Users (not DB users)," which has unknown impact and…

CVSS: 7.5 CWE: CWE-255 View on NVD
2009-03-16
High

CVE-2009-0919

XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the…

CVSS: 7.5 CWE: CWE-255 View on NVD
2009-01-06
Critical

CVE-2008-5848

The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's M…

CVSS: 10.0 CWE: CWE-255 View on NVD
2008-11-12
High

CVE-2008-5041

Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this inf…

CVSS: 7.5 CWE: CWE-264 View on NVD
2008-09-27
Critical

CVE-2008-4296

The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.

CVSS: 10.0 CWE: CWE-255 View on NVD
2008-03-26
High

CVE-2008-1522

ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), have (1) "user" as their default password for the "user" account and (2) "1234" as their defaul…

CVSS: 7.5 CWE: CWE-16 View on NVD
2008-03-13
High

CVE-2007-6709

The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain a…

CVSS: 7.5 CWE: CWE-264 View on NVD