CVE-2021-28909
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers to access the login service at /webif/SecurityModule without restriction in a brute force attack. The password could be weak and the default username is known to be 'admin'. This is usable and part of an attack chain to gain SS...
CVE-2020-25753
An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml...
U.S. Dept Of Defense: Default Admin Username and Password on █████ Server at █████████mil
Description: A ██████ Server is running at https://███mil you can access the login at https://████mil/█████████ the application is using the default "Administrator for the default organization" credentials POC Go to https://███mil/████████ and login with █████ ██████████ ████ ████ How to remediat...
CVE-2021-30165
The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices...
CVE-2021-30165
CVE-2021-30165 affects EDIMAX wireless network cameras (e.g., IC-3140W) where the default administrator account and password are hard-coded. The root cause is a hard-coded credential that enables remote attackers to disassemble firmware and obtain privileged permissions, allowing potential full c...
CVE-2020-35296
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administrator dashboard access...
CVE-2020-11720
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password...
Bilanc Shpk Programi Bilanc build Trust Management Issues Vulnerabilities
Bilanc Shpk Programi Bilanc is a software for generating balance sheets from Bilanc Shpk, Alphania. A vulnerability with trust management issues exists in Programi Bilanc build 014 31.01.2020 007 distribution and below. During installation, it defaults to using the account administrator and...
V-SOL Multiple Product Trust Management Issue Vulnerabilities
V-Solution V1600D is a Gpon-enabled terminal device for connecting fiber optic trunks. V-Solution V1600D4L is a Gpon-enabled terminal device for connecting fiber optic trunks. V-Solution V1600D-MINI is a Gpon-enabled terminal device for connecting fiber optic trunks. V-Solution V1600G1 is a...
CVE-2020-27689
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...
Design/Logic Flaw
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...
CVE-2020-14011
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features...
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...
ManageEngine DataSecurity Plus Authentication Bypass
XL-2020-002 - DataSecurity Plus Xnode Server - Authentication Bypass. Identifiers: CVE-2020-11532, XL-20-002. CVSSv3 score...
IBM Data Risk Manager Code Execution Vulnerability
IBM Data Risk Manager is a data risk manager from IBM USA. The product supports discovery, analysis and visualization of business risk data, among other things. A code execution vulnerability exists in IBM Data Risk Manager, which stems from the use of a default password for the IDRM administrati...
Argo Authorization Issues Vulnerability
Argo is an open source container native workflow engine. Argo suffers from an authorization issue vulnerability that stems from the program setting the default administrator password to the argocd-server container group name. An attacker can exploit this vulnerability to gain administrator...
CVE-2020-8828
As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be ke...