18 matches found
CVE-2026-34472
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...
CVE-2026-33037
WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...
NetBird VPN security vulnerability
NetBird VPN is an open source proxy software from NetBird. A security vulnerability exists in NetBird VPN that stems from the failure to remove or change the default administrator account password created by ZITADEL during installation...
CVE-2025-8452
By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, be leveraged by the flaw described by CVE-2024-51978 to calculate the default...
CVE-2025-8452 Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc.
By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, be leveraged by the flaw described by CVE-2024-51978 to calculate the default...
CVE-2025-8452
CVE-2025-8452 leverages eSCL or SNMP to retrieve a printer’s serial number and then applies the technique described in CVE-2024-51978 to derive the default administrator password. If the password remains at its default, an attacker could gain admin access; changing the password mitigates the risk...
CVE-2024-51978
An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...
CVE-2024-51978
An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...
CVE-2023-6448
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system...
CVE-2021-35965
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in...
PT-2021-21085 · Orca Hcm · Orca Hcm
Name of the Vulnerable Software and Affected Versions: Orca HCM digital learning platform (affected versions not specified). Description: The issue concerns the use of a weak factory default administrator password in the Orca HCM digital learning platform. This password is hard-coded in the source...
CVE-2019-1688
A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. ...
The vulnerability of the Microprogrammed Routing Software of the Axesstel MU553S router lies in the use of the default standard password for the administrator account, allowing attackers to compromise the confidentiality, integrity, and accessibility of data.
The vulnerability of the microprogrammed routing software Axesstel MU553S is related to the default use of a standard password for the administrator account. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of data...
WirelessIP5000 has multiple vulnerabilities
Overview: WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities:
- Illegal access using the port TCP3390
- SNMP access using an arbitrary community name
- Access to the HTTP server by an unauthorized user in the factory default configuration
- The HTTP server...
GLSA-200601-15 : Paros: Default administrator password
The remote host is affected by the vulnerability described in GLSA-200601-15 (Paros: Default administrator password). Andrew Christensen discovered that in older versions of Paros the database component HSQLDB is installed with an empty password for the database administrator 'sa'. Impact: Since th...
SMC2804WBR Default Credentials (HTTP)
The remote host is an SMC2804WBR access point. This host is installed with a default administrator password, smcadmin, which has not been modified. SPDX-FileCopyrightText: 2004 Audun Larsen. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective rig...
Enhydra Multiserver Default Password
This system appears to be running the Enhydra application server configured with the default administrator password of 'enhydra'. A potential intruder could reconfigure this service and use it to obtain full access to the system. This script was written by H D Moore. See the Nessus Scripts License...
CVE-2002-0667
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone...