Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-21239

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Jun, 2020 | 16:31
Updated At-05 Aug, 2024 | 12:26
Rejected At-
Credits

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Jun, 2020 | 16:31
Updated At:05 Aug, 2024 | 12:26
Rejected At:
â–¼CVE Numbering Authority (CNA)

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.foxitsoftware.com/support/security-bulletins.php
x_refsource_CONFIRM
Hyperlink: https://www.foxitsoftware.com/support/security-bulletins.php
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.foxitsoftware.com/support/security-bulletins.php
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.foxitsoftware.com/support/security-bulletins.php
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Jun, 2020 | 17:15
Updated At:09 Jun, 2020 | 16:35

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Foxit Software Incorporated
foxitsoftware
>>phantompdf>>Versions before 9.2(exclusive)
cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*
Foxit Software Incorporated
foxitsoftware
>>reader>>Versions before 9.2(exclusive)
cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-522Primarynvd@nist.gov
CWE ID: CWE-522
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.foxitsoftware.com/support/security-bulletins.phpcve@mitre.org
Vendor Advisory
Hyperlink: https://www.foxitsoftware.com/support/security-bulletins.php
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

253Records found
CVE-2018-21237
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 0.94%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:33
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-21235
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 1.75%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:41
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-e-mail_advertising_systemn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-18689
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.04%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 17:59
Updated-27 Nov, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.

Action-Not Available
Vendor-visagesoftqoppagonitrosodapdfsoft-xpansioniskysoftpdfforgeavanquestn/aLinux Kernel Organization, IncMicrosoft CorporationFoxit Software IncorporatedPDF-XChange Co Ltd.Apple Inc.
Product-foxit_readerpdf_studiopdf_experte_ultimatesoda_pdf_desktoppdf-xchange_editorpdfelement6nitro_pronitro_readermacosexpert_pdf_ultimatesoda_pdfperfect_pdf_readerlinux_kernelwindowspdf_studio_viewer_2018pdf_architectpdf_editor_6perfect_pdf_10expert_pdf_readerpdf-xchange_viewern/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-18688
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 17:38
Updated-05 Aug, 2024 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.

Action-Not Available
Vendor-qoppagonitrocode-industrylibreofficesoft-xpansioniskysoftnuancen/aLinux Kernel Organization, IncMicrosoft CorporationApple Inc.Foxit Software Incorporated
Product-pdf_studiophantompdfpdfelement6nitro_pronitro_readermacosperfect_pdf_readerlinux_kernelwindowsmaster_pdf_editorpower_pdf_standardpdf_studio_viewer_2018libreofficepdf_editor_6perfect_pdf_10foxit_readern/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-17781
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-29 Sep, 2018 | 17:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-26540
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 0.45%
||
7 Day CHG~0.00%
Published-02 Oct, 2020 | 08:00
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.

Action-Not Available
Vendor-n/aApple Inc.Foxit Software Incorporated
Product-phantompdffoxit_readermacosn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-13803
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 0.45%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 14:33
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-13805
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 2.65%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 14:40
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-13810
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 0.45%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 14:55
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-20834
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 0.46%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:47
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-20836
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 2.48%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:43
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-20833
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 1.75%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:49
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-20837
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 0.45%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:43
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-3252
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.57%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 14:15
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability.

Action-Not Available
Vendor-kaco-newenergyn/a
Product-xp100u_firmwarexp100un/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-33024
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-3.7||LOW
EPSS-0.18% / 39.96%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-16 Apr, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Vue PACS Insufficiently Protected Credentials

Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.

Action-Not Available
Vendor-Philips
Product-myvuevue_motionspeechvue_pacsVue MotionVue PACSVue SpeechVue MyVue
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-32770
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.56%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 18:30
Updated-03 Aug, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Basic-auth app bundle credential exposure in gatsby-source-wordpress

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. A patch has been introduced in gatsby-source-wordpress@4.0.8 and gatsby-source-wordpress@5.9.2 which mitigates the issue by filtering all variables specified in the `auth: { }` section. Users that depend on this functionality are advised to upgrade to the latest release of gatsby-source-wordpress, run `gatsby clean` followed by a `gatsby build`. One may manually edit the app.js file post-build as a workaround.

Action-Not Available
Vendor-gatsbyjsgatsbyjs
Product-gatsby-source-wordpressgatsby
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-13187
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 16.49%
||
7 Day CHG~0.00%
Published-14 Nov, 2025 | 22:02
Updated-04 Feb, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Intelbras ICIP acessodeusuario.xml credentials storage

A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-intelbrasIntelbras
Product-icip_30_firmwareicip_30ICIP
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-32978
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.33%
||
7 Day CHG~0.00%
Published-04 Apr, 2022 | 19:45
Updated-16 Apr, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Automation Direct CLICK PLC CPU Modules Plaintext Storage of a Password

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00.

Action-Not Available
Vendor-AutomationDirect
Product-c0-12dd1e-d_firmwarec0-10dd1e-dc0-12dd1e-1-dc0-11dd1e-dc0-11dre-d_firmwarec0-12are-1-dc0-11dd2e-d_firmwarec0-10dd1e-d_firmwarec0-11dd2e-dc0-12dre-2-dc0-12are-d_firmwarec0-12dd2e-d_firmwarec0-12dre-dc0-12are-2-dc0-10dre-d_firmwarec0-12dd1e-dc0-11dre-dc0-10dre-dc0-11are-dc0-12dd2e-dc0-12dd1e-2-d_firmwarec0-12dd1e-1-d_firmwarec0-12dre-d_firmwarec0-12are-2-d_firmwarec0-12dd2e-2-d_firmwarec0-12dd2e-1-d_firmwarec0-11dd1e-d_firmwarec0-12dd1e-2-dc0-12dd2e-1-dc0-10dd2e-dc0-12dre-2-d_firmwarec0-11are-d_firmwarec0-10are-d_firmwarec0-10dd2e-d_firmwarec0-12dd2e-2-dc0-12are-1-d_firmwarec0-12dre-1-d_firmwarec0-12dre-1-dc0-10are-dc0-12are-dCLICK PLC CPU Modules: C0-1x CPUs
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20399
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.94% / 86.13%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-n/aMotorola Mobility LLC. (Lenovo Group Limited)
Product-sbg941_firmwaresbg901_firmwaresbg901svg1202svg1202_firmwaresbg941n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.18%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-17 Sep, 2024 | 02:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-comtrendn/a
Product-cm-6300ncm-6300n_firmwarecm-6200uncm-6200un_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.18%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-teknoteln/a
Product-cbw700n_firmwarecbw700nn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-21248
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.08%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 16:47
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.38% / 79.95%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dcm-604_firmwaredcm-604dcm-704_firmwaredcm-704n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.18%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-17 Sep, 2024 | 00:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-kaonmedian/a
Product-cg2001-an22acg2001-udbnacg2001-udbna_firmwarecg2001-an22a_firmwarecg2001-un2nacg2001-un2na_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.18%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-mplustecn/a
Product-cbc383zcbc383z_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20386
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 73.98%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-commscopen/a
Product-arris_sbg6580-2_firmwarearris_sbg6580-2n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20394
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.18%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-twg870twg870_firmwaredwg855_firmwaredwg850-4_firmwaredwg855dwg850-4dwg849dwg849_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20445
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 67.34%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dcm-604_firmwaredcm-604dcm-704_firmwaredcm-704n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20396
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 73.98%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 23:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-telaumn/a
Product-ming2120jming6300_firmwareming2120j_firmwareming6300n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20382
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.18%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-jezetek-intln/a
Product-bcm93383wrg_firmwarebcm93383wrgn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20383
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 73.98%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-commscopearrisn/a
Product-arris_dg950sarris_dg950a_firmwaredg950s_firmwarearris_dg950an/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20443
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.26%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-tc7200.d1itc7200.d1i_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20441
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.26%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-tc7200.th2v2tc7200.th2v2_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20444
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.43%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-cga0111_firmwarecga0111n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20439
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.43%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-17 Sep, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-dpc3928sldpc3928sl_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20395
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.18%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-net-waven/a
Product-ming6200ming6200_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20440
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.26%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-cwa0101cwa0101_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20438
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.26%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 23:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-tc7110.artc7110.ar_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20401
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.18%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-zoomteln/a
Product-53525352_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20392
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 69.45%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-dpc2100_firmwaredpc2100n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20384
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.18%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-17 Sep, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-inovobbn/a
Product-ib-8120-w21e1_firmwareib-8120-w21_firmwareib-8120-w21e1ib-8120-w21n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20387
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.18%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-bnmuxn/a
Product-bcw710j_firmwarebcw700j_firmwarebcw710j2_firmwarebcw710j2bcw710jbcw700jn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.18%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-castlenetn/a
Product-cbv38z4eccbw383g4j_firmwarecbw38g4j_firmwarecbv38z4ecnitcbv38z4ecnit_firmwarecbw383g4jcbw38g4jcbv38z4ec_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20400
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.18%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-ubeeinteractiven/a
Product-dvw2110dvw2108_firmwaredvw2108dvw2110_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20243
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.68% / 71.13%
||
7 Day CHG~0.00%
Published-13 Oct, 2020 | 18:23
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-fineractApache Fineract
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-19466
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.20% / 93.97%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 16:57
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.

Action-Not Available
Vendor-portainern/a
Product-portainern/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-18754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 53.33%
||
7 Day CHG~0.00%
Published-28 Oct, 2018 | 17:00
Updated-16 Sep, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.

Action-Not Available
Vendor-n/aZyxel Networks Corporation
Product-vmg3312-b10b_firmwarevmg3312-b10bn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-18074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-09 Oct, 2018 | 15:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSERed Hat, Inc.Python Software Foundation
Product-enterprise_linux_serverubuntu_linuxrequestsenterprise_linux_workstationenterprise_linux_desktopleapn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-17922
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.43%
||
7 Day CHG~0.00%
Published-02 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication.

Action-Not Available
Vendor-circontrolunknown
Product-circarlifecircarlife_firmwareCircontrol CirCarLife all versions prior to 4.3.1
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-17969
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.26%
||
7 Day CHG~0.00%
Published-03 Oct, 2018 | 19:00
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests.

Action-Not Available
Vendor-n/aSamsung
Product-scx-6545xscx-6545x_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found