Skip to main content

Daktronics DMP-5000 CVE-2026-31928

| EUVDEUVD-2026-39925 CRITICAL
Use of Hard-coded Credentials (CWE-798)
2026-06-26 icscert GHSA-rf2w-j7p7-rw94
9.3
CVSS 4.0 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
9.3 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.8 CRITICAL

Default credentials are publicly known so the auth barrier is effectively absent (PR:N) over a low-complexity network web interface, and full admin access compromises device confidentiality, integrity, and availability.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS VectorVendor: icscert

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 26, 2026 - 23:31 vuln.today
Severity Changed
Jun 26, 2026 - 23:22 NVD
HIGH CRITICAL
CVSS changed
Jun 26, 2026 - 23:22 NVD
8.1 (HIGH) 9.3 (CRITICAL)

DescriptionCVE.org

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.

AnalysisAI

Default administrative web credentials in Daktronics DMP-5000, VFC-DMP-5000, and DMP-8000 digital media players grant full system access to anyone who knows the shipped account, because the devices do not force a credential change during setup or operation. Tracked as CWE-798 (use of hard-coded/default credentials) and rated CVSS 4.0 9.3 by ICS-CERT, this lets a network-positioned attacker log into the management interface and seize complete control of the device. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach DMP-5000 web management interface
Delivery
Log in with default admin credentials
Exploit
Gain full administrative system access
Execution
Modify display content or device config
Impact
Pivot into OT network

Vulnerability AssessmentAI

Exploitation Requires network reachability to the device's administrative web interface and knowledge of the shipped default administrative credentials, which the product does not require operators to change during initial configuration or operation - so any unit left at defaults is exploitable by anyone who knows the documented account. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are largely consistent toward elevated priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the DMP-5000 management web interface - for example from a flat venue network or an exposed signage VLAN - browses to the login page and authenticates with the documented default administrative credentials. With full system access they can alter or replace the content shown on the connected video display, change device configuration, and use the controller as a foothold into the OT network. …
Remediation No vendor-released patch version is identified at time of analysis, so remediation centers on credential hygiene and network controls: immediately change the default administrative web account password to a strong unique value on every DMP-5000, VFC-DMP-5000, and DMP-8000 unit, and disable or rename the default account if the firmware permits. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Manually change default administrative credentials to unique, complex passwords on all Daktronics DMP devices; implement network firewall rules restricting administrative interface access to authorized administrative subnets only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-31928 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy