Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2015-12-31 CVE-2015-7280 Credentials Management vulnerability in Readynet Solutions Wrt300N-Dd Firmware 1.0.26
The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
network
low complexity
readynet-solutions CWE-255
critical
10.0
2015-12-31 CVE-2015-7277 Credentials Management vulnerability in Ampedwireless R10000 Firmware 2.5.2.11
The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
network
ampedwireless CWE-255
critical
9.3
2015-12-31 CVE-2015-6018 Permissions, Privileges, and Access Controls vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
network
low complexity
zyxel CWE-264
critical
10.0
2015-12-31 CVE-2015-6016 Credentials Management vulnerability in Zyxel Nbg-418N, Pmg5318-B20A Firmware and Zynos Firmware
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors.
network
low complexity
zyxel CWE-255
critical
10.0
2015-12-31 CVE-2015-5995 Permissions, Privileges, and Access Controls vulnerability in multiple products
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.
network
low complexity
tenda mediabridge CWE-264
critical
10.0
2015-12-31 CVE-2015-2874 Credentials Management vulnerability in multiple products
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
network
low complexity
seagate lacie CWE-255
critical
10.0
2015-12-30 CVE-2015-7792 Permissions, Privileges, and Access Controls vulnerability in Corega Cg-Wlbargs Firmware
Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.
network
low complexity
corega CWE-264
critical
10.0
2015-12-30 CVE-2015-7251 Credentials Management vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
network
low complexity
zte CWE-255
critical
10.0
2015-12-28 CVE-2015-8650 Use After Free Remote Code Execution vulnerability in Adobe Flash Player and AIR APSB16-01
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8649.
network
adobe apple google microsoft linux
critical
9.3
2015-12-28 CVE-2015-8649 Use After Free Remote Code Execution vulnerability in Adobe Flash Player and AIR APSB16-01
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8650.
network
adobe apple microsoft google linux
critical
9.3