Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-27557

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-17 Nov, 2020 | 14:18
Updated At-04 Aug, 2024 | 16:18
Rejected At-
Credits

Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:17 Nov, 2020 | 14:18
Updated At:04 Aug, 2024 | 16:18
Rejected At:
▼CVE Numbering Authority (CNA)

Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://infosec.rm-it.de/2020/11/04/basetech-ip-camera-analysis/#vulns
x_refsource_MISC
Hyperlink: https://infosec.rm-it.de/2020/11/04/basetech-ip-camera-analysis/#vulns
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://infosec.rm-it.de/2020/11/04/basetech-ip-camera-analysis/#vulns
x_refsource_MISC
x_transferred
Hyperlink: https://infosec.rm-it.de/2020/11/04/basetech-ip-camera-analysis/#vulns
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:17 Nov, 2020 | 15:15
Updated At:21 Jul, 2021 | 11:39

Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
basetech
basetech
>>ge-131_bt-1837836_firmware>>20180921
cpe:2.3:o:basetech:ge-131_bt-1837836_firmware:20180921:*:*:*:*:*:*:*
basetech
basetech
>>ge-131_bt-1837836>>-
cpe:2.3:h:basetech:ge-131_bt-1837836:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-522Primarynvd@nist.gov
CWE ID: CWE-522
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://infosec.rm-it.de/2020/11/04/basetech-ip-camera-analysis/#vulnscve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://infosec.rm-it.de/2020/11/04/basetech-ip-camera-analysis/#vulns
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

226Records found
CVE-2021-38976
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.95%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-5704
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.96%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 21:00
Updated-05 Aug, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.

Action-Not Available
Vendor-Intel Corporation
Product-core_i7core_i5core_i3Intel Core Processor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-3789
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-4.2||MEDIUM
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.

Action-Not Available
Vendor-binatoneglobalMotorola Mobility LLC. (Lenovo Group Limited)
Product-cn50comfort_85_connect_firmwarecomfort_50_connectcn28mbp3855halo\+_camera_firmwarelux_65_firmwarecn40cn28_firmwarecomfort_85_connectmbp3855_firmwarecomfort_40focus_72r_firmwarembp3667comfort_50_connect_firmwarembp3667_firmwarecn50_firmwareconnect_view_65focus_68_firmwarelux_85_connect_firmwarembp4855_firmwarelux_64_firmwarecn40_firmwarecn75comfort_40_firmwarelux_64focus_72rconnect_20mbp4855lux_65mbp6855focus_68ease44halo\+_camerambp669_connect_firmwareconnect_view_65_firmwareease44_firmwarembp669_connectconnect_20_firmwarecn75_firmwarembp6855_firmwarelux_85_connectBinatone Hubble Cameras
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-18843
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:44
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6800d7000d7000_firmwarer6700r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-28090
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.89%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 18:45
Updated-03 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An HPE OneView appliance dump may expose SNMPv3 read credentials

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-oneviewHPE OneView
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-18844
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.11% / 30.38%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:43
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6800d7000d7000_firmwarer6700r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-18845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:42
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700_firmwarer6800r6800_firmwarer6700n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-34700
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.03%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 15:20
Updated-07 Nov, 2024 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Information Disclosure Vulnerability

A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the web UI of an affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-34560
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.47%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 10:32
Updated-16 Sep, 2024 | 23:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to information exposure of sensitive information

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.

Action-Not Available
Vendor-pepperl-fuchsPhoenix Contact GmbH & Co. KG
Product-wha-gw-f2d2-0-as-z2-eth_firmwarewha-gw-f2d2-0-as-z2-eth.eipwha-gw-f2d2-0-as-z2-eth.eip_firmwarewha-gw-f2d2-0-as-z2-ethWHA-GW-F2D2-0-AS- Z2-ETHWHA-GW-F2D2-0-AS- Z2-ETH.EIP
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-2751
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.6||MEDIUM
EPSS-4.38% / 88.55%
||
7 Day CHG~0.00%
Published-03 Oct, 2018 | 20:00
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.

Action-Not Available
Vendor-HP Inc.
Product-hp_250_g1_notebook_pchp_240_g1hp_envy_17_j100_firmwarehp_15-r000_firmwarehp_g14-a000hp_14-r000hp_pavilion_14-n000_firmwarehp_envy_15-j100hp_455_firmwarehp_envy_15-j000_firmwarecompaq_cq45-900hp_246_g3hp_split_13-g200hp_246hp_pavilion_10-f000_firmwarehp_15-r000compaq_14-s000_firmwarehp_255_g1_notebook_pchp_envy_17-j100_leap_motion_se_firmwarehp_pavilion_11-n000_firmwarehp_envy_m6-n000_firmwarehp_split_13-g200_firmwarehp_246_firmwarehp_pavilion_15-n300_firmwarehp_1000-1300_firmwarehp_pavilion_11-n000hp_spectre_13-h200hp_240_g3_firmwarehp_14-g000hp_envy_100hp_pavilion_15-n000hp_1000-1300hp_14-r000_firmwarehp_pavilion_15-n200_firmwarehp_envy_17-j100_leap_motion_sehp_pavilion_10-f000hp_255_g1_notebook_pc_firmwarehp_pavilion_15-n300hp_envy_14-k100compaq_cq45-900_firmwarecompaq_14-s000hp_455hp_255_g3_firmwarehp_envy_17_j100hp_245_g1hp_spectre_13-h200_firmwarehp_14-g000_firmwarecompaq_14-h000hp_envy_14-k100_firmwarehp_pavilion_14-n000hp_15-r500_firmwarehp_246_g3_firmwarehp_15-r500hp_g14-a000_firmwarehp_envy_15-j100_firmwarehp_envy_100_firmwarehp_pavilion_15-n000_firmwarehp_255_g3hp_240_g3hp_spectre_x2_13-smb_pro_firmwarehp_spectre_x2_13-smb_procompaq_14-h000_firmwarehp_245_g1_firmwarehp_envy_m6-n000hp_240_g1_firmwarehp_250_g1_notebook_pc_firmwarehp_pavilion_15-n200hp_envy_15-j000HP 240 G1 Notebook PC and certain other consumer notebooks
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-18777
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:42
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer7100lgr7900wndr3400d6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwaredgn2200r7000_firmwared6400_firmwarer7300dstd6220_firmwarer6300_firmwared8500_firmwaredgn2200b_firmwarer8500d8500wndr3400_firmwaredgn2200br6700r8300_firmwarer7000wnr3500l_firmwarer6900d6400wnr3500ldgn2200_firmwarer6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer8000_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-1779
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.89%
||
7 Day CHG~0.00%
Published-29 Jan, 2018 | 16:00
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-33107
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.14% / 35.31%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-core_i7-8850hcore_i5-10610u_firmwarecore_i3-10100core_i9-10910_firmwarecore_i9-8950hk_firmwareh470w480ecore_i5-1038ng7core_i5-10400t_firmwarecore_i9-7900xcore_i9-9900kscore_i5_10110y_firmwarecore_i7-10510ycore_i7-10710u_firmwarecore_i3_9100_firmwarez370core_i7_8560ub560core_i9-9800x_firmwarecore_i3_9300core_i9-7920xcore_i3-10100_firmwarew580core_i9-10900_firmwarecore_i9-9960xcore_i9-7960x_firmwarecore_i3_8300t_firmwarecore_i9-10900tecore_i9-8950hkcore_i5-1030g4_firmwarecore_i3-10100yh410core_i3_9300tcore_i5-10600tcore_i5-10600kf_firmwareh270c627core_i7-10875h_firmwarec627acore_i5_9500core_i9-10900e_firmwareb460c625core_i3_9100tc621acore_i5_8400t_firmwarecore_i9-9920xcore_i9-9900kf_firmwarecore_i7-8709gcore_i9-10910core_i5-10600t_firmwarecore_i5_8500_firmwarecore_i5-10300h_firmwarecore_i9_9900core_i9-10900tcore_i3-10100t_firmwareh420ecore_i7-10700f_firmwarecore_i5-10500t_firmwarecore_i7-10700tecore_i5-10600_firmwarecore_i9-10900kcore_i3_8350k_firmwarecore_i3-10105core_i5_9600tcore_i7_8565u_firmwarecore_i9-10900kf_firmwarecore_i7-8550ucore_i5-10400tcore_i7_8550ucore_i7-10810u_firmwarecore_i9-10920x_firmwarecore_i9-10940xcore_i9-9880h_firmwarecore_i7_1060ng7_firmwarec246core_i9-10900xc629acore_i3-8300q470ecore_i7-10700kfcore_i9_9900kfcore_i5-10110y_firmwarecore_i7_9700t_firmwarecore_i3_9350kq150c232core_i9-10900te_firmwarecore_i7_9700k_firmwarecore_i3_9300t_firmwarecore_i7-1065g7core_i5-10500hcore_i3_9100t_firmwarecore_i5_10210ycore_i5-10600kfcore_i3-1000g1core_i7-10700_firmwareq470core_i5-1035g1_firmwarecore_i5_8600kcore_i3-1005g1core_i7-1068ng7core_i5-1038ng7_firmwarec626core_i9-10850hz270core_i3-10305t_firmwarecore_i5_8500core_i3-10100ec236core_i9_firmwarecore_i9-10850k_firmwarecore_i3_9300_firmwarecore_i7-10700kf_firmwarecore_i5_9500_firmwarecore_i7-10700q570core_i3_8100tcore_i5_8600t_firmwarecore_i7_1060g7core_i7-10610u_firmwarecore_i5-10500e_firmwareq170core_i7_8700core_i7_9700f_firmwarecore_i9-9940x_firmwarec422core_i5_9500t_firmwarecore_i5_8500tcore_i3-8145ucore_i5-10400core_i3_9350k_firmwareactive_management_technology_software_development_kitcore_i7-8700kc621core_i5_l16g7_firmwarecore_i9core_i7-10870h_firmwarecore_i5_8600core_i3_8350kcore_i7_8700t_firmwarecore_i3-8109ucore_i5_9600core_i7-10810ucore_i3-10300tcore_i3-8100core_i5_9400t_firmwarecore_i5_8400tcore_i3-8145uecore_i5_8600_firmwarecore_i7-10700te_firmwarecore_i7-10700ecore_i5-8350ucore_i5_9500fcore_i7_1068ng7core_i7_8650ucore_i3_8100core_i3-10100tecore_i7-10700tcore_i9-9900kfcore_i9_9900tcore_i3_firmwarecore_i5-10210u_firmwarecore_i5-10500ecore_i7-10750hcore_i9-10850kcore_i3-10100te_firmwarecore_i7_8550u_firmwarecore_i5_9600_firmwarecore_i7-1060ng7core_i5-10600k_firmwarecore_i5_9400fcore_i3-8100hcore_i9-10900ecore_i5-10610ucore_i7-8706gc624core_i5-8250ucore_i3-10110y_firmwarecore_i5_8400core_i9_9900_firmwarecore_i9-7980xe_firmwareq250core_i3_8300tcore_i5-10500tec242core_i9-10920xcore_i5-10210y_firmwarecore_i5_m480_firmwarecore_i7-8700bcore_i5-10500tcm246core_i7_1065g7_firmwarecore_i5-10310ucore_i9-10885hcore_i5-10600core_i5-10500_firmwarexeoncore_i7-8557ucore_i5-10310ycore_i7_8560u_firmwarecore_i5-10310y_firmwarecore_i5\+8400h510core_i7-10750h_firmwarecore_i3_9100core_i7_10510ycore_i9-9820x_firmwarecore_i7-10700kcore_i5-1030g7core_i9_9880hcore_i9-10980hkcm236core_i7_1060g7_firmwarecore_i5_9600kcore_i9-9880hcore_i3-1000g1_firmwarecore_i5core_i7-10700k_firmwarecore_i7_1068ng7_firmwarecore_i9-10900t_firmwarez170core_i5_l16g7core_i3-10305_firmwarecore_i7-8665uecore_i3-10325_firmwarecore_i3-8130ucore_i7-10510y_firmwarecore_i7_8700_firmwarecore_i3-8300tcore_i5-1035g4core_i5-1030ng7core_i9_9980hkcore_i7-1060ng7_firmwarecore_i7_8559u_firmwarecore_i7-1060g7_firmwarecore_i7-8650ucore_i7-8500ycore_i7-1068ng7_firmwarecore_i5-10200hcore_i9-9900kcore_i7-8705gcore_i9-7960xcore_i5-10400fcore_i7_9700kfcore_i7_9700tcore_i5_9600k_firmwarecore_i5-1035g7_firmwarecore_i7\+8700_firmwareh170core_i5_9600kf_firmwarecore_i7_9700_firmwarew480core_i5_9400tcore_i7-8706g_core_i9-9900core_i9-9820xcore_i5_9600t_firmwarecore_i5_9600kfcore_i3h570core_i3-10320_firmwarecore_i7_8700kcore_i5_10310ycore_i9_9900ks_firmwarecore_i5_10310y_firmwarecore_i5_9400core_i3-10320b250core_i3-10110ycore_i5-1035g7pentium_gold_g5400core_i3-10105fcore_i5-8305gcore_i5_8500t_firmwaresetup_and_configuration_softwarecore_i7-10875hcore_i7-8750hcore_i5-10400hcore_i3_8100fcore_i7_10510y_firmwarecore_i7-8665ucore_i3-10100e_firmwarecore_i3-10305tcore_i5-10505_firmwarecore_i7_8700k_firmwarecore_i9-7940x_firmwarecore_i9-9940xcore_i3-8140ucore_i9-9980xe_firmwareh110core_i7_9700fcore_i9-9900t_firmwarecore_i9-7940xcore_i9-9900xcore_i3-8350kcore_i5-10110ycore_i7-8086kcore_i5-10600kc628core_i9-7900x_firmwarecore_i7-10850hcore_i3-1005g1_firmwarecore_i9-9900x_firmwarecore_i5-10500te_firmwarecore_i3-10300t_firmwarex299xeon_firmwarecore_i3-10105tcore_i9-9900k_firmwarecore_i5_9500tcore_i7-10510u_firmwarecore_i3-8100bcore_i3-1000g4core_i3-10105t_firmwarecore_i5-10400h_firmwarecore_i3-10100f_firmwarecore_i9-10900f_firmwarecore_i9-10900kfcore_i3-10100tcore_i9-9980hk_firmwarecore_i5-8600kcore_i7_1065g7core_i7-8700tcore_i3_9320core_i9-9980hkcore_i9_9980hk_firmwarec622z490core_i9_9900kcore_i5-1035g4_firmwarecore_i7-10700e_firmwarecm238core_i3_8100f_firmwarecore_i7-10610ucore_i5-1030g7_firmwarecore_i7_firmwarecore_i7-8559ucore_i9-10850h_firmwarecore_i9-9920x_firmwarecore_i9_9880h_firmwarecore_i5-10400f_firmwarecore_i5_10110ycore_i3_9350kf_firmwarecore_i7-1060g7core_i9-10980xe_firmwarecore_i3_8100_firmwarecore_i5_9400_firmwarecore_i7_8086kcore_i7_8565ucore_i7_8500y_firmwarecore_i7-8569ucore_i7-10700t_firmwarecore_i3-10325core_i9-7920x_firmwarecore_i9-9900tceleron_4205ucore_i9-9980xecore_i7-8700core_i3-1000ng4_firmwarecore_i5-8400core_i7_9700kf_firmwarecore_i3-10105f_firmwarecore_i7-8809gcore_i3_8300core_i3-10105_firmwarecore_i3-1000ng4core_i5\+8500core_i7\+8700core_i9_9900kf_firmwarecore_i3-10110u_firmwarecore_i7-10850h_firmwarecore_i9-10980xecore_i7_1060ng7core_i3-10305core_i5-1035g1b150q270core_i3-10110ucore_i5-10505core_i9-10885h_firmwarec629core_i3-10100y_firmwarecore_i7_8086k_firmwarecore_i9-10900x_firmwarecore_i3_9100fceleron_4305ucore_i3_9350kfcore_i7_8650u_firmwarecore_i5_firmwarecore_i7-10710ucore_i5-10210ycore_i9-10900core_i3-1000g4_firmwarecore_i7-1065g7_firmwarecore_i5-10300hmanagement_engine_bios_extensioncore_i5-1030ng7_firmwarecore_i7_8700tcore_i5_8600k_firmwarecore_i3_9320_firmwarecore_i9-9900ks_firmwarecore_i3-10300core_i9-10900fcore_i9-9960x_firmwarecore_i5_9500f_firmwarecore_i5\+8400_firmwarecore_i7-8565ucore_i5-10310u_firmwarecore_i9-10940x_firmwarez590core_i5-1030g4core_i3-8100tcore_i5-10200h_firmwarecore_i7core_i5_10210y_firmwarecore_i9_9900kscore_i9-10980hk_firmwarecore_i7-10870hcore_i3-10100fcore_i7-10510ucore_i5-10400_firmwarecore_i9_9900k_firmwarecore_i9-9900_firmwarecore_i7_9700kcore_i3_8100t_firmwarecore_i3-10300_firmwarecore_i5-10500h_firmwarecore_i7_9700core_i9_9900t_firmwarecore_i5_8400_firmwarecore_i9-7980xecore_i7_8559ucore_i3_8300_firmwarecore_i5_m480core_i7-10700fcore_i5-10210ucore_i9-10900k_firmwarecore_i5\+8500_firmwareceleron_4305uecore_i5_9400f_firmwarecore_i3_9100f_firmwarecore_i5_8600tcore_i5-10500core_i7_8500ycore_i9-9800xIntel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-15272
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.40%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password.

Action-Not Available
Vendor-psftpn/a
Product-psftpdn/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-22312
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.54%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 15:41
Updated-10 Jun, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender - Resiliency Service information disclosure

IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.

Action-Not Available
Vendor-IBM Corporation
Product-storage_defender_resiliency_serviceStorage Defender - Resiliency Service
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-15918
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.75%
||
7 Day CHG~0.00%
Published-01 Nov, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.

Action-Not Available
Vendor-ignitumn/a
Product-seran/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-27941
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.12% / 31.01%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 20:31
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process.

Action-Not Available
Vendor-coolkitn/a
Product-ewelinkn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-23207
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.24%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 18:17
Updated-16 Apr, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fresenius Kabi Agilia Connect Infusion System plaintext storage of a password

An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.

Action-Not Available
Vendor-fresenius-kabiFresenius Kabi
Product-link\+_agilia_firmwarevigilant_insightagilia_connectvigilant_mastermedlink\+_agiliavigilant_centeriumagilia_partner_maintenance_softwareVigilant Software Suite (Mastermed Dashboard)Agilia Partner
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-54471
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-20 Mar, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-41023
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 18:26
Updated-25 Oct, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files

Action-Not Available
Vendor-Fortinet, Inc.Microsoft Corporation
Product-fortisiemwindowsFortinet FortiSIEMWindowsAgent
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-29959
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 29.06%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 12:23
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism.

Action-Not Available
Vendor-emersonn/a
Product-openbsin/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-29507
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 19:59
Updated-18 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-team_blueversion
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-29253
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.10% / 28.79%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 03:57
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks.

Action-Not Available
Vendor-n/aRSA Security LLC
Product-archern/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-1731
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 66.07%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PFX Encryption Security Feature Bypass Vulnerability

PFX Encryption Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-7030
Matching Score-4
Assigner-Avaya, Inc.
ShareView Details
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.58%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 23:45
Updated-16 Sep, 2024 | 22:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IPO Information Disclosure

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.

Action-Not Available
Vendor-Avaya LLC
Product-ip_officeIP Office
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4602
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 9.96%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-17 Sep, 2024 | 03:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-522
Insufficiently Protected Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found