Monthly
KTM System e-BOK enforces a system-wide password policy that restricts all user credentials to exactly six numeric digits, prohibiting alphabetic, special, or extended characters and producing a maximum keyspace of only 1,000,000 possible values (10^6). This CWE-521 (Weak Password Requirements) flaw enables remote unauthenticated brute-force attacks against any customer account, as confirmed by the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). No public exploit code or CISA KEV listing exists, but the trivial keyspace means no specialized tooling is required - standard credential automation suffices. CERT-PL reported the issue; a vendor patch was published in June 2026.
Weak password requirements in the Samba service of Tenda AC15 firmware 15.03.05.19 expose SMB file-sharing functionality to brute-force attacks from adjacent-network attackers. The flaw originates in the /etc_ro/smb.conf configuration, which enforces insufficient password complexity, enabling unauthenticated local-network adversaries to guess or brute-force credentials and achieve limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, though the high attack complexity (AC:H) and adjacency requirement (AV:A) constrain realistic exploitation to targeted, in-person or LAN-positioned threat actors.
IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Weak password requirements in the Bluetooth Low Energy (BLE) handler of the Besen BS20 EV Charging Station (firmware up to 20260426) expose the device to credential brute-forcing from adjacent-network attackers within Bluetooth range. The flaw, catalogued under CWE-521, results in limited confidentiality impact (VC:L in CVSS 4.0) with no integrity or availability consequences, yielding an overall CVSS 4.0 score of 1.3. Publicly available exploit code exists (E:P in CVSS vector, GitHub PoC at carfeii/besen), though EPSS sits at 0.01% (2nd percentile), and no active exploitation has been confirmed by CISA KEV. Besen acknowledged the report as of April 2026 but no patched firmware version has been released.
Weak password policy enforcement in Quantum Networks router QN-I-470 version 6.1.1.B1 enables adjacent network attackers to gain unauthorized administrative access through password brute-force attacks. CVSS 7.6 reflects adjacent network requirement (AV:A) and high complexity (AC:H), limiting exploitation to attackers already on the local network segment. No active exploitation confirmed (not in CISA KEV), but authentication bypass via brute-force is a well-understood attack primitive requiring only network proximity and time.
Brute force password attacks against Horner Automation XL4/XL7 PLCs and Cscape software allow remote unauthenticated attackers to gain unauthorized administrative access via network connections. Weak password policies (limited complexity requirements) combined with absent rate limiting enable systematic credential enumeration. CVSS 9.1 (Critical) reflects network-accessible attack with no authentication required. CISA ICS-CERT advisory confirms vulnerability in operational technology environments where PLCs control industrial processes.
Juniper Networks CTP OS 9.2R1 and 9.2R2 fail to persist password complexity settings, enabling unauthenticated attackers to exploit predictable weak passwords on local accounts. The password management function allows administrators to configure complexity requirements but does not save these configurations, verifiable through 'Show password requirements' menu. This defect permits trivial passwords that attackers can brute-force remotely to gain full device control. No public exploit identified at time of analysis.
Nautobot REST API user creation and modification endpoints bypass Django's configured password validation rules, allowing authenticated administrators to set or modify user passwords that fail to meet organizational security standards. Versions prior to 2.4.30 and 3.0.10 are affected; an authenticated admin with high privileges can create accounts with weak passwords despite configured AUTH_PASSWORD_VALIDATORS rules. CVSS score is 2.7 (low severity) due to requirement for authenticated administrative access; however, organizations with strict password policies relying on Nautobot's config-driven enforcement face integrity risk.
HCL Aftermarket DPC version 1.0.0 enforces weak password policies that enable attackers to conduct brute-force attacks and guess user credentials, potentially gaining unauthorized account access with low confidentiality and availability impact. The vulnerability requires user interaction and high attack complexity to exploit, but affects unauthenticated threat actors over the network. No public exploit code or active exploitation has been identified at the time of analysis.
Weak password policy in Vikunja task management before 2.0.0 allows users to set trivially guessable passwords. PoC available.
KTM System e-BOK enforces a system-wide password policy that restricts all user credentials to exactly six numeric digits, prohibiting alphabetic, special, or extended characters and producing a maximum keyspace of only 1,000,000 possible values (10^6). This CWE-521 (Weak Password Requirements) flaw enables remote unauthenticated brute-force attacks against any customer account, as confirmed by the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). No public exploit code or CISA KEV listing exists, but the trivial keyspace means no specialized tooling is required - standard credential automation suffices. CERT-PL reported the issue; a vendor patch was published in June 2026.
Weak password requirements in the Samba service of Tenda AC15 firmware 15.03.05.19 expose SMB file-sharing functionality to brute-force attacks from adjacent-network attackers. The flaw originates in the /etc_ro/smb.conf configuration, which enforces insufficient password complexity, enabling unauthenticated local-network adversaries to guess or brute-force credentials and achieve limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, though the high attack complexity (AC:H) and adjacency requirement (AV:A) constrain realistic exploitation to targeted, in-person or LAN-positioned threat actors.
IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Weak password requirements in the Bluetooth Low Energy (BLE) handler of the Besen BS20 EV Charging Station (firmware up to 20260426) expose the device to credential brute-forcing from adjacent-network attackers within Bluetooth range. The flaw, catalogued under CWE-521, results in limited confidentiality impact (VC:L in CVSS 4.0) with no integrity or availability consequences, yielding an overall CVSS 4.0 score of 1.3. Publicly available exploit code exists (E:P in CVSS vector, GitHub PoC at carfeii/besen), though EPSS sits at 0.01% (2nd percentile), and no active exploitation has been confirmed by CISA KEV. Besen acknowledged the report as of April 2026 but no patched firmware version has been released.
Weak password policy enforcement in Quantum Networks router QN-I-470 version 6.1.1.B1 enables adjacent network attackers to gain unauthorized administrative access through password brute-force attacks. CVSS 7.6 reflects adjacent network requirement (AV:A) and high complexity (AC:H), limiting exploitation to attackers already on the local network segment. No active exploitation confirmed (not in CISA KEV), but authentication bypass via brute-force is a well-understood attack primitive requiring only network proximity and time.
Brute force password attacks against Horner Automation XL4/XL7 PLCs and Cscape software allow remote unauthenticated attackers to gain unauthorized administrative access via network connections. Weak password policies (limited complexity requirements) combined with absent rate limiting enable systematic credential enumeration. CVSS 9.1 (Critical) reflects network-accessible attack with no authentication required. CISA ICS-CERT advisory confirms vulnerability in operational technology environments where PLCs control industrial processes.
Juniper Networks CTP OS 9.2R1 and 9.2R2 fail to persist password complexity settings, enabling unauthenticated attackers to exploit predictable weak passwords on local accounts. The password management function allows administrators to configure complexity requirements but does not save these configurations, verifiable through 'Show password requirements' menu. This defect permits trivial passwords that attackers can brute-force remotely to gain full device control. No public exploit identified at time of analysis.
Nautobot REST API user creation and modification endpoints bypass Django's configured password validation rules, allowing authenticated administrators to set or modify user passwords that fail to meet organizational security standards. Versions prior to 2.4.30 and 3.0.10 are affected; an authenticated admin with high privileges can create accounts with weak passwords despite configured AUTH_PASSWORD_VALIDATORS rules. CVSS score is 2.7 (low severity) due to requirement for authenticated administrative access; however, organizations with strict password policies relying on Nautobot's config-driven enforcement face integrity risk.
HCL Aftermarket DPC version 1.0.0 enforces weak password policies that enable attackers to conduct brute-force attacks and guess user credentials, potentially gaining unauthorized account access with low confidentiality and availability impact. The vulnerability requires user interaction and high attack complexity to exploit, but affects unauthenticated threat actors over the network. No public exploit code or active exploitation has been identified at the time of analysis.
Weak password policy in Vikunja task management before 2.0.0 allows users to set trivially guessable passwords. PoC available.