Default credentials in netbox-docker before 2.5.0.
Acronis Cyber Protect and Agent virtual appliances on VMware contain hardcoded default credentials for local privileged accounts, allowing attackers with network access and user interaction to gain high-level system access and potentially modify or disrupt backup operations. The vulnerability affects Cyber Protect Cloud Agent (VMware) before build 36943 and Cyber Protect 17 (VMware) before build 41186, with no patch currently available. An attacker exploiting this could achieve privilege escalation and lateral movement within virtualized environments.
Default credentials in SODOLA SL902-SWTGW124AS network switch firmware allow unauthenticated remote access. Default credentials are publicly known, enabling complete device takeover.
Default credentials in Tattile Smart+, Vega, and Basic ANPR camera families firmware 1.181.5 and prior. License plate recognition cameras ship with known default credentials. PoC available.
eNet SMART HOME server ships with default credentials (user:user, admin:admin) (CVSS 9.8) enabling immediate administrative access to the smart home system.
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. [CVSS 8.4 HIGH]
Edimax BR-6208AC firmware versions prior to 2_1.02 contain an authentication bypass in the auth_check_userpass2 function that allows remote attackers to gain access using default credentials through manipulation of username and password parameters. Public exploit code exists for this vulnerability, and the affected product is end-of-life with no vendor patches planned. Organizations still operating this router should immediately restrict network access or plan for replacement.
Ziroom ZHOME A0101 devices running version 1.0.1.0 use hardcoded default credentials in the Dropbear SSH service, enabling unauthenticated remote attackers to gain unauthorized access with high impact to confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response. While exploitation requires specific conditions, security professionals should prioritize assessment and credential rotation for affected systems.
A default credentials vulnerability exists in the SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment.
By default, the password for the Access Manager's web interface is set to 'admin'. In the tested version, changing the password was not enforced.