CVE-2017-20214

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system...

CVE-2019-25291

CVE-2019-25291 affects INIM Electronics Smartliving SmartLAN/G/SI versions 6.x and earlier, where hard-coded credentials are baked into the Linux distribution image and cannot be changed via normal device operations. This enables attackers to log in and gain unauthorized system access across mult...

CVE-2018-25138

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

PT-2025-53358

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

EUVD-2025-30192

Malicious code in bioql PyPI...

CVE-2025-30519 Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Weak Credentials

Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system...

CVE-2025-35451 Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be...

PT-2024-31945 · Pix Link · Pix-Link Lv-Wr22

Name of the Vulnerable Software and Affected Versions: PIX-LINK LV-WR22 version RE3002-P1-01 V117.0 Description: The issue concerns Improper Access Control, where the TELNET service is enabled with weak credentials for a root-level account, and these credentials cannot be changed. Recommendations...

CVE-2023-49253

Root user password is hardcoded into the device and cannot be changed in the user interface...

Default credentials

The Akuvox E11 secure shell SSH server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...

CVE-2022-47209

A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means...

CVE-2016-10862

Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page...

CVE-2018-19064

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed...

Rapid7 Nexpose Static Java Key Vault Cryptographic Vulnerability

Rapid7 Nexpose is a suite of vulnerability management software from Rapid7 USA that can synthesize different scans to deeply probe a network. The software proactively scans configuration environments for errors, vulnerabilities, malware and provides guidance to reduce risk. Rapid7 Nexpose has a...

PT-2005-4554 · Cisco · Cisco Ip Phone 7920

Name of the Vulnerable Software and Affected Versions: Cisco IP Phone VoIP 7920 version 1.08 Description: The issue concerns hard-coded public and private SNMP community strings that cannot be changed, allowing remote attackers to obtain sensitive information. Recommendations: For Cisco IP Phone...