Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hard-coded vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-5081
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote malicious users to obtain access via a TELNET session.
Zmodo Zp-ne-14-s -
Zmodo Zp-ibh-13w -
NA
CVE-2023-39458
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. The servi...
NA
CVE-2023-39465
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TmwCrypto class. The issue results f...
NA
CVE-2015-2902
HP ArcSight SmartConnectors prior to 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle malicious users to spoof devices and obtain sensitive information via a crafted certificate.
Hp Arcsight Smartconnectors
NA
CVE-2015-2903
The CWSAPI SOAP service in HP ArcSight SmartConnectors prior to 7.1.6 has a hardcoded password, which makes it easier for remote malicious users to obtain administrative access by leveraging knowledge of this password.
Hp Arcsight Smartconnectors
7
CVSSv3
CVE-2023-25187
An issue exists on NOKIA Airscale ASIKA Single RAN devices prior to 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH s...
Nokia Asika Airscale Firmware 19b
Nokia Asika Airscale Firmware 20a
Nokia Asika Airscale Firmware 20b
Nokia Asika Airscale Firmware 20c
Nokia Asika Airscale Firmware 21a
1 EDB exploit
7.5
CVSSv3
CVE-2016-5650
ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote malicious users to trigger association with an arbitrary access point by using a recognized SSID value.
Zmodo Zp-ibh-13w -
Zmodo Zp-ne-14-s -
5.3
CVSSv3
CVE-2015-8287
Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM devices with firmware through 1022 allow remote malicious users to watch live video by visiting an unspecified URL.
Swann Swnvw-470cam Firmware
Swann Srnvw-470lcd Firmware
5.9
CVSSv3
CVE-2015-8288
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and previous versions use the same hardcoded private key across different customers' installations, which allows remote malicious users to defeat cryptographic protection mechanisms by leve...
Netgear D3600 Firmware 1.0.0.49
Netgear D6000 Firmware
7.5
CVSSv3
CVE-2015-8289
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and previous versions allows remote malicious users to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.
Netgear D3600 Firmware 1.0.0.49
Netgear D6000 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »