Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-3754

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-29 Oct, 2022 | 00:00
Updated At-08 May, 2025 | 19:13
Rejected At-
Credits

Weak Password Requirements in thorsten/phpmyfaq

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:29 Oct, 2022 | 00:00
Updated At:08 May, 2025 | 19:13
Rejected At:
▼CVE Numbering Authority (CNA)
Weak Password Requirements in thorsten/phpmyfaq

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

Affected Products
Vendor
Thorsten Rinne (phpMyFAQ)thorsten
Product
thorsten/phpmyfaq
Versions
Affected
  • From unspecified before 3.1.8 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-521CWE-521 Weak Password Requirements
Type: CWE
CWE ID: CWE-521
Description: CWE-521 Weak Password Requirements
Metrics
VersionBase scoreBase severityVector
3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
N/A
https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
N/A
Hyperlink: https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
Resource: N/A
Hyperlink: https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
x_transferred
https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
x_transferred
Hyperlink: https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
Resource:
x_transferred
Hyperlink: https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:29 Oct, 2022 | 13:15
Updated At:31 Oct, 2022 | 20:10

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Thorsten Rinne (phpMyFAQ)
phpmyfaq
>>phpmyfaq>>Versions before 3.1.8(exclusive)
cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-521Primarynvd@nist.gov
CWE-521Secondarysecurity@huntr.dev
CWE ID: CWE-521
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-521
Type: Secondary
Source: security@huntr.dev
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77easecurity@huntr.dev
Patch
Third Party Advisory
https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47security@huntr.dev
Exploit
Patch
Third Party Advisory
Hyperlink: https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
Source: security@huntr.dev
Resource:
Patch
Third Party Advisory
Hyperlink: https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
Source: security@huntr.dev
Resource:
Exploit
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

77Records found
CVE-2025-27663
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 25.98%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2025-28389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.80%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 00:00
Updated-17 Jun, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.

Action-Not Available
Vendor-openc3n/a
Product-cosmosn/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2025-28200
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 23.15%
||
7 Day CHG~0.00%
Published-09 May, 2025 | 00:00
Updated-12 Jun, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.

Action-Not Available
Vendor-govicturen/a
Product-rx1800_firmwarerx1800n/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2025-25737
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 00:00
Updated-27 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User accounts, allowing attackers to bypass authentication via a bruteforce attack.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2020-26201
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.66% / 70.14%
||
7 Day CHG~0.00%
Published-10 Dec, 2020 | 21:02
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.

Action-Not Available
Vendor-n/aAskey Computer Corp.
Product-ap5100wap5100w_firmwaren/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2025-25211
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 16.39%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 04:49
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.

Action-Not Available
Vendor-Inaba Denki Sangyo Co., Ltd.
Product-CHOCO TEI WATCHER mini (IB-MCT001)
CWE ID-CWE-521
Weak Password Requirements
CVE-2022-36301
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 53.07%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 14:02
Updated-03 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-bf-osBF-OS
CWE ID-CWE-521
Weak Password Requirements
CVE-2020-25153
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.47%
||
7 Day CHG~0.00%
Published-23 Dec, 2020 | 14:08
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MOXA NPort IAW5000A-I/O Series

The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.

Action-Not Available
Vendor-Moxa Inc.
Product-nport_iaw5000a-i\/onport_iaw5000a-i\/o_firmwareNPort IAW5000A-I/O
CWE ID-CWE-521
Weak Password Requirements
CVE-2020-6991
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 51.89%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 20:29
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g516e_firmwareeds-g516eeds-510e_firmwareeds-510eMoxa EDS-G516E Series firmware, Version 5.2 or lower
CWE ID-CWE-521
Weak Password Requirements
CVE-2017-18857
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.09%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 16:41
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-insightn/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2022-1775
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-0.28% / 51.40%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 22:35
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak Password Requirements in polonel/trudesk

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.

Action-Not Available
Vendor-trudesk_projectpolonel
Product-trudeskpolonel/trudesk
CWE ID-CWE-521
Weak Password Requirements
CVE-2022-1668
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 65.98%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 15:00
Updated-16 Apr, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secheron SEPCOS Control and Protection Relay

Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.

Action-Not Available
Vendor-secheronSecheron
Product-sepcos_control_and_protection_relay_firmwaresepcos_control_and_protection_relaySEPCOS Control and Protection Relay firmware package
CWE ID-CWE-521
Weak Password Requirements
CVE-2023-2106
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 17.89%
||
7 Day CHG~0.00%
Published-15 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak Password Requirements in janeczku/calibre-web

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.

Action-Not Available
Vendor-janeczkujaneczku
Product-calibre-webjaneczku/calibre-web
CWE ID-CWE-521
Weak Password Requirements
CVE-2022-1039
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.6||CRITICAL
EPSS-0.21% / 43.21%
||
7 Day CHG~0.00%
Published-20 Apr, 2022 | 15:30
Updated-16 Apr, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ICSA-22-104-03 Red Lion DA50N

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password.

Action-Not Available
Vendor-redlionRed Lion
Product-da50nda50n_firmwareDA50N
CWE ID-CWE-521
Weak Password Requirements
CVE-2020-11624
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.44%
||
7 Day CHG~0.00%
Published-23 Jul, 2020 | 20:02
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change but there's no enforcement. An administrator can click Cancel and proceed to use the device without changing the password. Additionally, they disclose the default username within the login.js script. Since many attacks for IoT devices, including malware and exploits, are based on the usage of default credentials, it makes these cameras an easy target for malicious actors.

Action-Not Available
Vendor-avertxn/a
Product-hd838_firmwarehd438_firmwarehd438hd838n/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2019-9123
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.41%
||
7 Day CHG~0.00%
Published-25 Feb, 2019 | 05:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-825_rev.b_firmwaredir-825_rev.bn/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2019-9096
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 51.44%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 14:27
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mb3180_firmwaremb3270_firmwaremb3480_firmwaremb3270mb3170_firmwaremb3660mb3170mb3280mb3660_firmwaremb3480mb3180mb3280_firmwaren/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2019-7488
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 65.07%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 21:50
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

Action-Not Available
Vendor-SonicWall Inc.
Product-email_security_applianceEmail Security Appliance
CWE ID-CWE-255
Not Available
CWE ID-CWE-521
Weak Password Requirements
CVE-2023-34240
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.28%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 16:34
Updated-27 Nov, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak passwords allowed in cloudexplorer-lite

Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong passwords. This vulnerability has been fixed in version 1.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-FIT2CLOUD Inc.CloudExplorer Lite (FIT2CLOUD Inc.)
Product-cloudexplorer_liteCloudExplorer-Lite
CWE ID-CWE-521
Weak Password Requirements
CVE-2023-34995
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.98%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 23:05
Updated-13 Nov, 2024 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PiiGAB M-Bus Weak Password Requirements

There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines.

Action-Not Available
Vendor-piigabPiiGABpiigab
Product-m-bus_900sm-bus_900s_firmwareM-Bus SoftwarePackm-bus_900s
CWE ID-CWE-521
Weak Password Requirements
CVE-2023-31098
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.58%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 15:31
Updated-11 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache InLong: Weak Password Implementation in InLong

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0.  When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 https://github.com/apache/inlong/pull/7805 to solve it.

Action-Not Available
Vendor-The Apache Software Foundation
Product-inlongApache InLonginlong
CWE ID-CWE-521
Weak Password Requirements
CVE-2022-37158
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.63%
||
7 Day CHG+0.24%
Published-25 Aug, 2022 | 16:06
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuoYi v3.8.3 has a Weak password vulnerability in the management system.

Action-Not Available
Vendor-iocodern/a
Product-ruoyi-vue-pron/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2024-3263
Matching Score-4
Assigner-National Cyber Security Centre SK-CERT
ShareView Details
Matching Score-4
Assigner-National Cyber Security Centre SK-CERT
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.81%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 09:17
Updated-01 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper authentication in YMS VIS Pro

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks can lead to unauthorised access and execution of operations based on assigned user permissions. This vulnerability affects VIS Pro in versions <= 3.3.0.6. This vulnerability has been mitigated by changes in authentication mechanisms and implementation of additional authentication layer and strong password policies.

Action-Not Available
Vendor-YMSyms
Product-VIS Provis_pro
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-521
Weak Password Requirements
CVE-2021-38462
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.80%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 12:10
Updated-16 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.

Action-Not Available
Vendor-InHand Networks, Inc.
Product-ir615_firmwareir615IR615 Router
CWE ID-CWE-521
Weak Password Requirements
CVE-2021-26797
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.44%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 11:20
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service.

Action-Not Available
Vendor-hametechn/a
Product-hame_sd1_wi-fi_firmwarehame_sd1_wi-fin/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2021-25309
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 67.14%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 00:41
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks.

Action-Not Available
Vendor-gigasetn/a
Product-dx600adx600a_firmwaren/a
CWE ID-CWE-521
Weak Password Requirements
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-25839
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 60.18%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 13:30
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.

Action-Not Available
Vendor-minthcmn/a
Product-minthcmn/a
CWE ID-CWE-521
Weak Password Requirements
  • Previous
  • 1
  • 2
  • Next
Details not found