CVE-2024-34539

CRITICAL Year: 2024
CVSS v3 Score
9.4
Critical
Weakness Type
CWE-259
View all →

Vulnerability Description

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions.

Related Vulnerabilities

CVE-2019-10881

CRITICAL
CVSS:9.4(Critical)

Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be e...

CWE-2592019

CVE-2021-36312

CRITICAL
CVSS:9.1(Critical)

Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit ...

CWE-2592021

CVE-2014-125030

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The ...

CWE-2592014

CVE-2014-5434

CRITICAL
CVSS:9.8(Critical)

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter a...

CWE-2592014

CVE-2015-3953

CRITICAL
CVSS:9.8(Critical)

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. H...

CWE-2592015

CVE-2016-9358

CRITICAL
CVSS:9.8(Critical)

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bi...

CWE-2592016