CVE-2026-31928
Analyzed Analyzed - Analysis Complete

Default Admin Credentials in DMP-5000 Devices

Vulnerability report for CVE-2026-31928, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-07-06

Assigner: ICS-CERT

Description

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-07-06
Generated
2026-07-17
AI Q&A
2026-06-27
EPSS Evaluated
2026-07-16
NVD
EUVD

Affected Vendors & Products

Showing 9 associated CPEs
Vendor Product Version / Range
daktronics dmp-5000_firmware to 8.117.0.0 (exc)
daktronics dmp-5000_firmware From 10.0.0.0 (inc) to 10.34.0.0 (exc)
daktronics dmp-5000_firmware From 9.0.0.0 (inc) to 9.43.0.0 (exc)
daktronics dmp-8000_firmware to 8.117.0.0 (exc)
daktronics dmp-8000_firmware From 10.0.0.0 (inc) to 10.34.0.0 (exc)
daktronics dmp-8000_firmware From 9.0.0.0 (inc) to 9.43.0.0 (exc)
daktronics vfc-dmp-5000_firmware to 8.117.0.0 (exc)
daktronics vfc-dmp-5000_firmware From 10.0.0.0 (inc) to 10.34.0.0 (exc)
daktronics vfc-dmp-5000_firmware From 9.0.0.0 (inc) to 9.43.0.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability involves DMP-5000 devices that come with a default administrative web account which has weak authentication controls.

These default credentials are not required to be changed during initial setup or operation, allowing anyone who knows or discovers these credentials to gain full system access.

Impact Analysis

Because the default administrative account has weak authentication and is not required to be changed, an attacker can use it to gain full access to the system.

This full system access can lead to unauthorized control, potential data breaches, disruption of device operation, and compromise of the overall security of the affected environment.

Mitigation Strategies

The DMP-5000 devices are shipped with a default administrative web account that has weak authentication controls and is not required to be changed during initial configuration or operation.

To mitigate this vulnerability, immediate steps should include changing the default administrative web account credentials to strong, unique passwords to prevent unauthorized full system access.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31928. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart