CVE-2024-41336

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-256
View all →

Vulnerability Description

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to store passwords in plaintext.

Related Vulnerabilities

CVE-2017-6049

HIGH
CVSS:7.5(High)

Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL.

CWE-2562017

CVE-2019-10921

HIGH
CVSS:7.5(High)

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp t...

CWE-2562019

CVE-2019-6518

HIGH
CVSS:7.5(High)

Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.

CWE-2562019

CVE-2020-10609

HIGH
CVSS:7.5(High)

Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device.

CWE-2562020

CVE-2020-5374

HIGH
CVSS:7.5(High)

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker...

CWE-2562020

CVE-2020-8183

HIGH
CVSS:7.5(High)

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.

CWE-2562020