CVE-2019-20458

HIGH Year: 2019
CVSS v3 Score
8.8
High
Weakness Type
CWE-276
View all →

Vulnerability Description

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case, anyone connecting to the web admin panel is capable of becoming admin without using any credentials.

Related Vulnerabilities

CVE-2006-5014

HIGH
CVSS:8.8(High)

Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.

CWE-2762006

CVE-2012-4434

HIGH
CVSS:8.8(High)

fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.

CWE-2762012

CVE-2014-2721

HIGH
CVSS:8.8(High)

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The...

CWE-2762014

CVE-2014-2722

HIGH
CVSS:8.8(High)

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The...

CWE-2762014

CVE-2014-2723

HIGH
CVSS:8.8(High)

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The...

CWE-2762014

CVE-2015-9474

HIGH
CVSS:8.8(High)

The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.

CWE-2762015