CVE-2026-31928
Analyzed
Analyzed - Analysis Complete
Default Admin Credentials in DMP-5000 Devices
Vulnerability report for CVE-2026-31928, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-26
Last updated on: 2026-07-06
Assigner: ICS-CERT
Description
Description
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| daktronics | dmp-5000_firmware | to 8.117.0.0 (exc) |
| daktronics | dmp-5000_firmware | From 10.0.0.0 (inc) to 10.34.0.0 (exc) |
| daktronics | dmp-5000_firmware | From 9.0.0.0 (inc) to 9.43.0.0 (exc) |
| daktronics | dmp-8000_firmware | to 8.117.0.0 (exc) |
| daktronics | dmp-8000_firmware | From 10.0.0.0 (inc) to 10.34.0.0 (exc) |
| daktronics | dmp-8000_firmware | From 9.0.0.0 (inc) to 9.43.0.0 (exc) |
| daktronics | vfc-dmp-5000_firmware | to 8.117.0.0 (exc) |
| daktronics | vfc-dmp-5000_firmware | From 10.0.0.0 (inc) to 10.34.0.0 (exc) |
| daktronics | vfc-dmp-5000_firmware | From 9.0.0.0 (inc) to 9.43.0.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |