Daktronics Controller Firmware Use of Hard-coded Credentials_CVE-2026-31928

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Description

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.

Basic Information

ID CVE-2026-31928

Source icscert

Published Jun 26, 2026 at 22:52

Affected Product

Vendor Daktronics

Product VFC-DMP-5000

Affected Versions Daktronics VFC-DMP-5000 0
Daktronics VFC-DMP-5000 0
Daktronics VFC-DMP-5000 0
Daktronics DMP-5000 0
Daktronics DMP-5000 0
Daktronics DMP-5000 0
Daktronics DMP-8000 0
Daktronics DMP-8000 0
Daktronics DMP-8000 0

CWE Classification

CWE-798

References

{
    "lastseen": "",
    "description": "The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.",
    "published": "2026-06-26T22:52:51.074Z",
    "modified": "2026-06-26T22:52:51.074Z",
    "type": "cve",
    "title": "Daktronics Controller Firmware Use of Hard-coded Credentials",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-04\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-04.json",
    "id": "CVE-2026-31928",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "Daktronics VFC-DMP-5000 0\nDaktronics VFC-DMP-5000 0\nDaktronics VFC-DMP-5000 0\nDaktronics DMP-5000 0\nDaktronics DMP-5000 0\nDaktronics DMP-5000 0\nDaktronics DMP-8000 0\nDaktronics DMP-8000 0\nDaktronics DMP-8000 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "VFC-DMP-5000",
    "version": "0",
    "vendor": "Daktronics",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}