Total
80 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1803 | 2026-02-03 | 7.6 HIGH | 8.1 HIGH | ||
| A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-1711 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-01-29 | N/A | 4.3 MEDIUM |
| Multiple services of the DUT as well as different scopes of the same service reuse the same credentials. | |||||
| CVE-2025-7740 | 2026-01-29 | N/A | N/A | ||
| Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment. | |||||
| CVE-2018-25147 | 1 Microhardcorp | 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more | 2026-01-26 | N/A | 7.5 HIGH |
| Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations. | |||||
| CVE-2025-58744 | 2026-01-26 | N/A | N/A | ||
| Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808. | |||||
| CVE-2026-22273 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2025-59108 | 2026-01-26 | N/A | N/A | ||
| By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced. | |||||
| CVE-2020-36915 | 2026-01-08 | N/A | 7.5 HIGH | ||
| Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions. | |||||
| CVE-2022-50803 | 2025-12-31 | N/A | 9.8 CRITICAL | ||
| JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges. | |||||
| CVE-2025-35452 | 4 Multicam-systems, Ptzoptics, Smtav and 1 more | 121 Mcamii Ptz, Mcamii Ptz Firmware, Ndi Fixed Camera and 118 more | 2025-12-23 | N/A | 9.8 CRITICAL |
| PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface. | |||||
| CVE-2024-4007 | 1 Abb | 26 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 23 more | 2025-12-19 | N/A | 8.8 HIGH |
| Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. | |||||
| CVE-2025-35042 | 1 Airship.ai | 1 Acropolis | 2025-12-19 | N/A | 9.8 CRITICAL |
| Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9. | |||||
| CVE-2025-54303 | 1 Thermofisher | 1 Torrent Suite Software | 2025-12-16 | N/A | 9.8 CRITICAL |
| The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends changing default credentials; however, a password change policy for default administrative accounts is not enforced. Many deployments may retain default credentials, in which case an attacker is likely to be able to successfully authenticate with administrative privileges. | |||||
| CVE-2023-49621 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device. | |||||
| CVE-2021-47707 | 2025-12-12 | N/A | N/A | ||
| COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel. | |||||
| CVE-2024-29844 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 9.8 CRITICAL |
| Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password. | |||||
| CVE-2025-12592 | 2025-11-19 | N/A | N/A | ||
| Legacy Vivotek Device firmware uses default credetials for the root and user login accounts. | |||||
| CVE-2025-11943 | 1 70mai | 2 X200, X200 Firmware | 2025-11-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6529 | 1 70mai | 2 M300, M300 Firmware | 2025-11-14 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12217 | 1 Azure-access | 4 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 1 more | 2025-11-10 | N/A | 9.1 CRITICAL |
| SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||||