ReportizFlow
Filtered by vendor
Subscriptions
Total
94 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12592 | 1 Vivotek | 1 Camera | 2026-04-15 | N/A |
| Legacy Vivotek Device firmware uses default credetials for the root and user login accounts. | ||||
| CVE-2024-30210 | 2026-04-15 | 7.4 High | ||
| IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device. | ||||
| CVE-2024-10476 | 2026-04-15 | 8 High | ||
| Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys™ Informatics Solution is only in scope of this vulnerability when installed on a NUC server. BD Synapsys™ Informatics Solution installed on a customer-provided virtual machine or on the BD Kiestra™ SCU hardware is not in scope. | ||||
| CVE-2025-55051 | 2026-04-15 | 10 Critical | ||
| CWE-1392: Use of Default Credentials | ||||
| CVE-2025-1531 | 2026-04-15 | 6.5 Medium | ||
| Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00. | ||||
| CVE-2024-4622 | 2026-04-15 | N/A | ||
| If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator. | ||||
| CVE-2025-2341 | 2026-04-15 | 3.1 Low | ||
| A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-31069 | 2026-04-15 | 7.4 High | ||
| IO-1020 Micro ELD web server uses a default password for authentication. | ||||
| CVE-2024-28093 | 1 Adtran | 1 Netvanta 3120 Firmware | 2026-04-15 | 8.8 High |
| The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. | ||||
| CVE-2024-13893 | 2026-04-15 | N/A | ||
| Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory. For the telnet service to be enabled, the inserted SD card needs to have a folder with a specific name created. Two products were tested, but since the vendor has not replied to reports, patching status remains unknown, as well as groups of devices and firmware ranges in which the same password is shared. Newer firmware versions might be vulnerable as well. | ||||
| CVE-2025-7740 | 1 Hitachienergy | 1 Supros | 2026-04-15 | N/A |
| Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment. | ||||
| CVE-2021-47707 | 1 Commax | 1 Cvd-axx Dvr | 2026-04-15 | N/A |
| COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel. | ||||
| CVE-2025-29525 | 1 Dasan | 1 H660wm | 2026-04-15 | 5.3 Medium |
| DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel. | ||||
| CVE-2025-8731 | 1 Trendnet | 3 Ti-g160i, Ti-pg102i, Tpl-430ap | 2026-04-15 | 9.8 Critical |
| A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains: "For product TI-PG102i and TI-G160i, by default, the product's remote management options are all disabled. The root account is for troubleshooting purpose and the password is encrypted. However, we will remove the root account from the next firmware release. For product TPL-430AP, the initial setup process requires user to set the password for the management GUI. Once that was done, the default password will be invalid." | ||||
| CVE-2020-36915 | 2026-04-15 | 7.5 High | ||
| Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions. | ||||
| CVE-2025-10678 | 1 Netbirdio | 1 Netbird | 2026-04-15 | N/A |
| NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not changed nor the user was removed. This issue has been fixed in version 0.57.0 | ||||
| CVE-2024-12286 | 2026-04-15 | 9.8 Critical | ||
| MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials. | ||||
| CVE-2024-27158 | 1 Toshibatec | 50 E-studio-2010-ac, E-studio-2015-nc, E-studio-2018 A and 47 more | 2026-04-15 | 7.4 High |
| All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-5632 | 2026-04-15 | N/A | ||
| Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged. | ||||
| CVE-2025-2398 | 2026-04-15 | 7.2 High | ||
| A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects some unknown processing of the component CLI su Command Handler. The manipulation leads to use of default credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||