CVE-2026-31928

HIGH

Daktronics Controller Firmware Use of Hard-coded Credentials

Title source: cna
STIX 2.1

Description

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.

Scores

CVSS v3 8.1
EPSS 0.0045
EPSS Percentile 36.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-798
Status published
Products (9)
Daktronics/DMP-5000 < v10.34.x.x
Daktronics/DMP-5000 < v8.117.x.x
Daktronics/DMP-5000 < v9.43.x.x
Daktronics/DMP-8000 < v10.34.x.x
Daktronics/DMP-8000 < v8.117.x.x
Daktronics/DMP-8000 < v9.43.x.x
Daktronics/VFC-DMP-5000 < v10.34.x.x
Daktronics/VFC-DMP-5000 < v8.117.x.x
Daktronics/VFC-DMP-5000 < v9.43.x.x
Published Jun 26, 2026
Tracked Since Jun 27, 2026