Common Weakness Enumeration

CWE-1392

Allowed

Use of Default Credentials

Abstraction: Base · Status: Incomplete

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

191 vulnerabilities reference this CWE, most recent first.

CVE-2023-27573 (GCVE-0-2023-27573)

Vulnerability from cvelistv5 – Published: 2026-03-11 00:00 – Updated: 2026-03-11 14:23
VLAI
Summary
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
netbox-community netbox-docker Affected: 0 , < 2.5.0 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-27573",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T14:15:15.278309Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T14:23:00.621Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "netbox-docker",
          "vendor": "netbox-community",
          "versions": [
            {
              "lessThan": "2.5.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392 Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T05:01:47.850Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/netbox-community/netbox-docker/issues/953"
        },
        {
          "url": "https://github.com/netbox-community/netbox-docker/pull/959"
        },
        {
          "url": "https://github.com/netbox-community/netbox-docker/releases/tag/2.5.0"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-27573",
    "datePublished": "2026-03-11T00:00:00.000Z",
    "dateReserved": "2023-03-03T00:00:00.000Z",
    "dateUpdated": "2026-03-11T14:23:00.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-3703 (GCVE-0-2023-3703)

Vulnerability from cvelistv5 – Published: 2023-09-03 14:19 – Updated: 2024-09-30 20:46
VLAI
Title
Proscend Advice ICR Series routers fw version 1.76
Summary
Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Proscend Advice ICR Series routers FW Affected: version 1.76 , < Upgrade to fw version 2.24. (custom)
Create a notification for this product.
proscend icr_series_routers_fw Affected: 1.76 , < 2.24 (custom)
    cpe:2.3:a:proscend:icr_series_routers_fw:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-09-03 13:42
Credits
Anonymous
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:57.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:proscend:icr_series_routers_fw:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "icr_series_routers_fw",
            "vendor": "proscend",
            "versions": [
              {
                "lessThan": "2.24",
                "status": "affected",
                "version": "1.76",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3703",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T20:43:24.600191Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T20:46:08.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ICR Series routers FW",
          "vendor": "Proscend Advice",
          "versions": [
            {
              "lessThan": "Upgrade to fw version 2.24.",
              "status": "affected",
              "version": "version 1.76",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Anonymous"
        }
      ],
      "datePublic": "2023-09-03T13:42:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eProscend Advice ICR Series routers FW version 1.76\u003c/span\u003e\u0026nbsp;- CWE-1392: Use of Default Credentials\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
            }
          ],
          "value": "\n\n\n\n\n\n\n\n\nProscend Advice ICR Series routers FW version 1.76\u00a0- CWE-1392: Use of Default Credentials"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392: Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-03T14:19:26.169Z",
        "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "shortName": "INCD"
      },
      "references": [
        {
          "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to fw version 2.24.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nUpgrade to fw version 2.24.\n\n"
        }
      ],
      "source": {
        "advisory": "ILVN-2023-0125",
        "discovery": "UNKNOWN"
      },
      "title": "Proscend Advice ICR Series routers fw version 1.76",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
    "assignerShortName": "INCD",
    "cveId": "CVE-2023-3703",
    "datePublished": "2023-09-03T14:19:26.169Z",
    "dateReserved": "2023-07-17T09:45:14.295Z",
    "dateUpdated": "2024-09-30T20:46:08.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-50803 (GCVE-0-2022-50803)

Vulnerability from cvelistv5 – Published: 2025-12-30 22:41 – Updated: 2026-01-05 20:24
VLAI
Title
JM-DATA ONU JF511-TV 1.0.67 Default Credentials Vulnerability
Summary
JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
JM-DATA ONU JF511-TV Affected: 1.0.67
Affected: 1.0.62
Affected: 1.0.55
Create a notification for this product.
Date Public
2022-06-14 00:00
Credits
Neurogenesia
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-50803",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-05T20:24:09.099847Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-05T20:24:15.140Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JF511-TV",
          "vendor": "JM-DATA ONU",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.67"
            },
            {
              "status": "affected",
              "version": "1.0.62"
            },
            {
              "status": "affected",
              "version": "1.0.55"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Neurogenesia"
        }
      ],
      "datePublic": "2022-06-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T22:41:41.999Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "Zero Science Lab Disclosure (ZSL-2022-5708)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php"
        },
        {
          "name": "Packet Storm Security Exploit Entry",
          "tags": [
            "exploit"
          ],
          "url": "https://packetstormsecurity.com/files/167487/"
        },
        {
          "name": "CXSecurity Vulnerability Listing",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cxsecurity.com/issue/WLB-2022060058"
        },
        {
          "name": "IBM X-Force Vulnerability Exchange Entry",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229344"
        },
        {
          "name": "JM-DATA Vendor Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.jm-data.com/"
        },
        {
          "name": "VulnCheck Advisory: JM-DATA ONU JF511-TV 1.0.67 Default Credentials Vulnerability",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-default-credentials-vulnerability"
        }
      ],
      "title": "JM-DATA ONU JF511-TV 1.0.67 Default Credentials Vulnerability",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2022-50803",
    "datePublished": "2025-12-30T22:41:41.999Z",
    "dateReserved": "2025-12-27T13:53:29.755Z",
    "dateUpdated": "2026-01-05T20:24:15.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47707 (GCVE-0-2021-47707)

Vulnerability from cvelistv5 – Published: 2025-12-09 20:39 – Updated: 2026-04-07 14:05
VLAI
Title
COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure
Summary
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
COMMAX Co., Ltd. COMMAX CVD-Axx DVR Affected: CVD-AH04 DVR 4.4.1
Create a notification for this product.
Date Public
2021-08-16 00:00
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47707",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-10T15:41:03.540626Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-10T15:41:18.274Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "COMMAX CVD-Axx DVR",
          "vendor": "COMMAX Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "CVD-AH04 DVR 4.4.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
        }
      ],
      "datePublic": "2021-08-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCOMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the \u0027passkey\u0027 parameter set to \u00271234\u0027, allowing them to access the web control panel.\u003c/p\u003e"
            }
          ],
          "value": "COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the \u0027passkey\u0027 parameter set to \u00271234\u0027, allowing them to access the web control panel."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392: Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T14:05:35.450Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-50210",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/50210"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.commax.com"
        },
        {
          "name": "Zero Science Lab Disclosure (ZSL-2021-5667)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5667.php"
        },
        {
          "name": "VulnCheck Advisory: COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/commax-cvd-axx-dvr-weak-default-credentials-stream-disclosure"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2021-47707",
    "datePublished": "2025-12-09T20:39:01.947Z",
    "dateReserved": "2025-12-05T19:10:29.046Z",
    "dateUpdated": "2026-04-07T14:05:35.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2020-36915 (GCVE-0-2020-36915)

Vulnerability from cvelistv5 – Published: 2026-01-06 15:52 – Updated: 2026-01-06 19:42
VLAI
Title
Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials
Summary
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
  • CWE-1392 - Use of Default Credentials
Assigner
Date Public
2020-07-24 00:00
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-36915",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-06T19:42:21.293291Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-06T19:42:42.982Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.exploit-db.com/exploits/48954"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SignEdje Digital Signage Player",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "2.08.28"
            }
          ]
        },
        {
          "product": "mediaHUB HD-Pro High \u0026 Standard Definition MPEG2 Encoder",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "3.07.19"
            }
          ]
        },
        {
          "product": "afiniti Multi-Carrier Platform",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "1905_11"
            }
          ]
        },
        {
          "product": "EN-31 Dual Channel DSNG Encoder / Modulator",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "2.01.15"
            }
          ]
        },
        {
          "product": "EN-210 Multi-CODEC 10-bit Encoder / Modulator",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "3.00.29"
            }
          ]
        },
        {
          "product": "EN-200 1080p AVC Low Latency Encoder / Modulator",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "3.00.29"
            }
          ]
        },
        {
          "product": "ED-71 10-bit / 1080p Integrated Receiver Decoder",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "2.02.24"
            }
          ]
        },
        {
          "product": "edje-5110 Standard Definition MPEG2 Encoder",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "1.02.05"
            }
          ]
        },
        {
          "product": "edje-4111 HD Digital Media Player",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "2.07.09"
            }
          ]
        },
        {
          "product": "Soloist HD-Pro Broadcast Decoder",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "2.07.09"
            }
          ]
        },
        {
          "product": "adManage Traffic \u0026 Media Management Application",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
        }
      ],
      "datePublic": "2020-07-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-1392",
              "description": "Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-06T15:52:24.350Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-48954",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/48954"
        },
        {
          "name": "Adtec Digital Official Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.adtecdigital.com"
        },
        {
          "name": "Zero Science Lab Disclosure (ZSL-2020-5603)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php"
        },
        {
          "name": "Packet Storm Security Exploit Entry",
          "tags": [
            "exploit"
          ],
          "url": "https://packetstorm.news/files/id/159709"
        },
        {
          "name": "IBM X-Force Vulnerability Exchange",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190628"
        },
        {
          "name": "VulnCheck Advisory: Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentials"
        }
      ],
      "title": "Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2020-36915",
    "datePublished": "2026-01-06T15:52:24.350Z",
    "dateReserved": "2026-01-03T14:10:13.301Z",
    "dateUpdated": "2026-01-06T19:42:42.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2018-25147 (GCVE-0-2018-25147)

Vulnerability from cvelistv5 – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:25
VLAI
Title
Microhard Systems IPn4G 1.1.0 Default Credentials Authentication Bypass
Summary
Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Date Public
2018-03-13 00:00
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-25147",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-24T20:11:21.555246Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-24T20:25:21.195Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.php"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials",
          "vendor": "Microhard Systems",
          "versions": [
            {
              "status": "affected",
              "version": "IPn4G 1.1.0 build 1098"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
        }
      ],
      "datePublic": "2018-03-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T19:27:50.490Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-45040",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/45040"
        },
        {
          "name": "Microhard Systems Product Homepage",
          "tags": [
            "product"
          ],
          "url": "http://www.microhardcorp.com"
        },
        {
          "name": "Zero Science Lab Disclosure (ZSL-2018-5480)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.php"
        }
      ],
      "title": "Microhard Systems IPn4G 1.1.0 Default Credentials Authentication Bypass",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2018-25147",
    "datePublished": "2025-12-24T19:27:50.490Z",
    "dateReserved": "2025-12-24T14:28:02.435Z",
    "dateUpdated": "2025-12-24T20:25:21.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GHSA-2HP7-65R3-WV54

Vulnerability from github – Published: 2026-04-22 22:03 – Updated: 2026-05-13 13:30
VLAI
Summary
NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access
Details

Summary

The --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address (all interfaces), regardless of what the user configures.

On a LAN, this exposes the graph database — with its default admin:password credentials — to any device sharing the network.

Version

  • nornicdb v1.0.39
  • Built from commit afe7c9d on main
  • Platform: macOS (darwin 25.4.0, arm64)

Reproduction

$ nornicdb serve --address 127.0.0.1 --bolt-port 7687 --http-port 7474 ...

Output claims Bolt is on localhost:

Bolt server listening on bolt://localhost:7687

But the actual socket:

$ netstat -an -p tcp | grep 7687
tcp46      0      0  *.7687                 *.*                    LISTEN

$ lsof -iTCP:7687 -sTCP:LISTEN -n -P
nornicdb ... IPv6 ... TCP *:7687 (LISTEN)

HTTP port is correctly bound:

tcp4  127.0.0.1.7474   *.*  LISTEN

Reachable from another host on the LAN:

$ nc -z 192.168.x.y 7687
Connection to 192.168.x.y port 7687 [tcp/*] succeeded!

Setting NORNICDB_BOLT_ADDRESS=127.0.0.1 or server.host: "127.0.0.1" in config.yaml has no effect on the Bolt listener.

Root Cause

In pkg/bolt/server.go:774-776:

func (s *Server) ListenAndServe() error {
    addr := fmt.Sprintf(":%d", s.config.Port)
    listener, err := net.Listen("tcp", addr)
    ...
}

bolt.Config (line 474) has no Host/Address/Addr field — only Port. The CLI flag --address is stored in a local variable in cmd/nornicdb/main.go:80 and used to format user-facing log output (line 637–644), but is never copied into boltConfig at line 600–609 when Bolt is initialized.

Since ListenAndServe calls net.Listen("tcp", ":7687") with an empty host, Go binds the wildcard socket on all interfaces.

Suggested Fix

  1. Add a Host string field to bolt.Config (default "127.0.0.1", matching the CLI flag default).
  2. In cmd/nornicdb/main.go around line 601, wire it through: go boltConfig.Host = address boltConfig.Port = boltPort
  3. In pkg/bolt/server.go:775, use the host: go addr := net.JoinHostPort(s.config.Host, strconv.Itoa(s.config.Port))

Security Impact

  • Default admin:password credentials + wildcard binding = anyone on the same WiFi can issue arbitrary Cypher queries (read, write, delete nodes) against NornicDB instances running with default setup.
  • Users following the README will reasonably assume --address 127.0.0.1 (the documented default) binds both protocols to localhost.
  • Workaround: host-firewall rules (e.g. macOS pf) blocking non-loopback → 7687. Not discoverable from the docs.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/orneryd/nornicdb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.42-hotfix"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-22T22:03:43Z",
    "nvd_published_at": "2026-05-08T17:16:31Z",
    "severity": "CRITICAL"
  },
  "details": "## Summary\n\nThe `--address` CLI flag (and `NORNICDB_ADDRESS` / `server.host` config key) is plumbed through to the HTTP server correctly but **never reaches the Bolt server config**. The Bolt listener therefore always binds to the wildcard address (all interfaces), regardless of what the user configures.\n\nOn a LAN, this exposes the graph database \u2014 with its default `admin:password` credentials \u2014 to any device sharing the network.\n\n## Version\n\n- `nornicdb v1.0.39`\n- Built from commit `afe7c9d` on `main`\n- Platform: macOS (darwin 25.4.0, arm64)\n\n## Reproduction\n\n```\n$ nornicdb serve --address 127.0.0.1 --bolt-port 7687 --http-port 7474 ...\n```\n\nOutput claims Bolt is on localhost:\n```\nBolt server listening on bolt://localhost:7687\n```\n\nBut the actual socket:\n```\n$ netstat -an -p tcp | grep 7687\ntcp46      0      0  *.7687                 *.*                    LISTEN\n\n$ lsof -iTCP:7687 -sTCP:LISTEN -n -P\nnornicdb ... IPv6 ... TCP *:7687 (LISTEN)\n```\n\nHTTP port is correctly bound:\n```\ntcp4  127.0.0.1.7474   *.*  LISTEN\n```\n\nReachable from another host on the LAN:\n```\n$ nc -z 192.168.x.y 7687\nConnection to 192.168.x.y port 7687 [tcp/*] succeeded!\n```\n\nSetting `NORNICDB_BOLT_ADDRESS=127.0.0.1` or `server.host: \"127.0.0.1\"` in `config.yaml` has **no effect** on the Bolt listener.\n\n## Root Cause\n\nIn `pkg/bolt/server.go:774-776`:\n\n```go\nfunc (s *Server) ListenAndServe() error {\n    addr := fmt.Sprintf(\":%d\", s.config.Port)\n    listener, err := net.Listen(\"tcp\", addr)\n    ...\n}\n```\n\n`bolt.Config` (line 474) has no `Host`/`Address`/`Addr` field \u2014 only `Port`. The CLI flag `--address` is stored in a local variable in `cmd/nornicdb/main.go:80` and used to format user-facing log output (line 637\u2013644), but is never copied into `boltConfig` at line 600\u2013609 when Bolt is initialized.\n\nSince `ListenAndServe` calls `net.Listen(\"tcp\", \":7687\")` with an empty host, Go binds the wildcard socket on all interfaces.\n\n## Suggested Fix\n\n1. Add a `Host string` field to `bolt.Config` (default `\"127.0.0.1\"`, matching the CLI flag default).\n2. In `cmd/nornicdb/main.go` around line 601, wire it through:\n   ```go\n   boltConfig.Host = address\n   boltConfig.Port = boltPort\n   ```\n3. In `pkg/bolt/server.go:775`, use the host:\n   ```go\n   addr := net.JoinHostPort(s.config.Host, strconv.Itoa(s.config.Port))\n   ```\n\n## Security Impact\n\n- Default `admin:password` credentials + wildcard binding = anyone on the same WiFi can issue arbitrary Cypher queries (read, write, delete nodes) against NornicDB instances running with default setup.\n- Users following the README will reasonably assume `--address 127.0.0.1` (the documented default) binds *both* protocols to localhost.\n- Workaround: host-firewall rules (e.g. macOS `pf`) blocking non-loopback \u2192 7687. Not discoverable from the docs.",
  "id": "GHSA-2hp7-65r3-wv54",
  "modified": "2026-05-13T13:30:30Z",
  "published": "2026-04-22T22:03:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/orneryd/NornicDB/security/advisories/GHSA-2hp7-65r3-wv54"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42072"
    },
    {
      "type": "WEB",
      "url": "https://github.com/orneryd/NornicDB/commit/adce4f9a9fc7b6aada07c0bfa2d737cd7a6efaca"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/orneryd/NornicDB"
    },
    {
      "type": "WEB",
      "url": "https://github.com/orneryd/NornicDB/releases/tag/v1.0.42"
    },
    {
      "type": "WEB",
      "url": "https://github.com/orneryd/NornicDB/releases/tag/v1.0.42-hotfix"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access"
}

GHSA-2QGH-37RM-MV6X

Vulnerability from github – Published: 2024-12-17 18:33 – Updated: 2024-12-17 18:33
VLAI
Details

Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys™ Informatics Solution is only in scope of this vulnerability when installed on a NUC server. BD Synapsys™ Informatics Solution installed on a customer-provided virtual machine or on the BD Kiestra™ SCU hardware is not in scope.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-17T16:15:23Z",
    "severity": "HIGH"
  },
  "details": "Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys\u2122 Informatics\nSolution is only in scope of\nthis vulnerability when\ninstalled on a NUC server. BD Synapsys\u2122\nInformatics Solution installed\non a customer-provided virtual machine or on the BD Kiestra\u2122 SCU hardware is\nnot in scope.",
  "id": "GHSA-2qgh-37rm-mv6x",
  "modified": "2024-12-17T18:33:49Z",
  "published": "2024-12-17T18:33:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10476"
    },
    {
      "type": "WEB",
      "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-cybersecurity-vulnerability-bulletin-diagnostic-solutions-products"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-35HW-X784-33FR

Vulnerability from github – Published: 2025-09-25 15:30 – Updated: 2025-11-03 21:34
VLAI
Details

iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-25T15:16:09Z",
    "severity": "CRITICAL"
  },
  "details": "iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client\u2019s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients.",
  "id": "GHSA-35hw-x784-33fr",
  "modified": "2025-11-03T21:34:35Z",
  "published": "2025-09-25T15:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10542"
    },
    {
      "type": "WEB",
      "url": "https://r.sec-consult.com/imonitor"
    },
    {
      "type": "WEB",
      "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-imonitorsoft-eam"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/72"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-37PF-3G8R-X352

Vulnerability from github – Published: 2025-03-09 09:30 – Updated: 2025-03-09 09:30
VLAI
Details

A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been declared as problematic. This vulnerability affects unknown code of the component Device Registration Handler. The manipulation leads to use of default credentials. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-09T09:15:12Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been declared as problematic. This vulnerability affects unknown code of the component Device Registration Handler. The manipulation leads to use of default credentials. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-37pf-3g8r-x352",
  "modified": "2025-03-09T09:30:48Z",
  "published": "2025-03-09T09:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2119"
    },
    {
      "type": "WEB",
      "url": "https://github.com/geo-chen/Thinkware-Dashcam"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.299032"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.299032"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.507326"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Requirements

Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.

Mitigation
Architecture and Design

Force the administrator to change the credential upon installation.

Mitigation
Installation Operation

The product administrator could change the defaults upon installation or during operation.

No CAPEC attack patterns related to this CWE.