Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Default credentials are publicly known so the auth barrier is effectively absent (PR:N) over a low-complexity network web interface, and full admin access compromises device confidentiality, integrity, and availability.
Primary rating from Vendor (icscert).
CVSS VectorVendor: icscert
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.
AnalysisAI
Default administrative web credentials in Daktronics DMP-5000, VFC-DMP-5000, and DMP-8000 digital media players grant full system access to anyone who knows the shipped account, because the devices do not force a credential change during setup or operation. Tracked as CWE-798 (use of hard-coded/default credentials) and rated CVSS 4.0 9.3 by ICS-CERT, this lets a network-positioned attacker log into the management interface and seize complete control of the device. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires network reachability to the device's administrative web interface and knowledge of the shipped default administrative credentials, which the product does not require operators to change during initial configuration or operation - so any unit left at defaults is exploitable by anyone who knows the documented account. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are largely consistent toward elevated priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the DMP-5000 management web interface - for example from a flat venue network or an exposed signage VLAN - browses to the login page and authenticates with the documented default administrative credentials. With full system access they can alter or replace the content shown on the connected video display, change device configuration, and use the controller as a foothold into the OT network. … |
| Remediation | No vendor-released patch version is identified at time of analysis, so remediation centers on credential hygiene and network controls: immediately change the default administrative web account password to a strong unique value on every DMP-5000, VFC-DMP-5000, and DMP-8000 unit, and disable or rename the default account if the firmware permits. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Manually change default administrative credentials to unique, complex passwords on all Daktronics DMP devices; implement network firewall rules restricting administrative interface access to authorized administrative subnets only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Vfc Dmp 5000
View allPath traversal in Daktronics Controller Firmware for the VFC-DMP-5000, DMP-5000, and DMP-8000 display media players lets
Arbitrary file upload in the Daktronics DMP-5000 (and related VFC-DMP-5000 and DMP-8000) media player file service lets
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39925
GHSA-rf2w-j7p7-rw94