Total
210 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30325 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2024-11-21 | 8.8 High |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. | ||||
| CVE-2022-2927 | 1 Notrinos | 1 Notrinoserp | 2024-11-21 | 9.8 Critical |
| Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. | ||||
| CVE-2022-2098 | 1 Kromit | 1 Titra | 2024-11-21 | 9.8 Critical |
| Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1. | ||||
| CVE-2022-29729 | 1 Verizon | 2 4g Lte Network Extender, 4g Lte Network Extender Firmware | 2024-11-21 | 7.5 High |
| Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | ||||
| CVE-2022-29700 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
| A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. | ||||
| CVE-2022-29098 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 8.1 High |
| Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. | ||||
| CVE-2022-28377 | 1 Verizon | 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more | 2024-11-21 | 7.5 High |
| On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU). | ||||
| CVE-2022-27558 | 1 Hcltech | 2 Domino, Hcl Inotes | 2024-11-21 | 5.9 Medium |
| HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. | ||||
| CVE-2022-26117 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 8.8 High |
| An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. | ||||
| CVE-2022-22110 | 1 Daybydaycrm | 1 Daybyday Crm | 2024-11-21 | 7.5 High |
| In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort. | ||||
| CVE-2022-1775 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 9.8 Critical |
| Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. | ||||
| CVE-2022-1236 | 1 Weseek | 1 Growi | 2024-11-21 | 6.5 Medium |
| Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0. | ||||
| CVE-2021-43471 | 1 Canon | 2 Lbp223dw, Lbp223dw Firmware | 2024-11-21 | 7.5 High |
| In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. | ||||
| CVE-2021-43036 | 1 Kaseya | 1 Unitrends Backup | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak. | ||||
| CVE-2021-41696 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2024-11-21 | 6.5 Medium |
| An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php. | ||||
| CVE-2021-41296 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-11-21 | 9.8 Critical |
| ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. | ||||
| CVE-2021-40520 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2024-11-21 | 9.8 Critical |
| Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials. | ||||
| CVE-2021-40333 | 1 Hitachienergy | 4 Fox615, Fox615 Firmware, Xcm20 and 1 more | 2024-11-21 | 9 Critical |
| Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. | ||||
| CVE-2021-39434 | 1 Zkteco | 1 Zktime | 2024-11-21 | 7.5 High |
| A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. | ||||
| CVE-2021-38935 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 7.5 High |
| IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892. | ||||