CVE-2026-31928

PUBLISHED

Published: 26 Jun 2026, 22:52

Last modified:26 Jun 2026, 22:52

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.3 CRITICAL

v4.0 (cve.org)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 Jun 2026, 22:52

Published

Vulnerability first disclosed

Description

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.

CVSS Metrics

v4.0•CRITICAL•Score: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
v3.1•HIGH•Score: 8.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Techniques & Countermeasures

CWE-798•Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

Affected Systems

daktronics•dmp-5000
< v10.34.x.x | < v8.117.x.x | < v9.43.x.x
daktronics•dmp-8000
< v10.34.x.x | < v8.117.x.x | < v9.43.x.x
daktronics•vfc-dmp-5000
< v8.117.x.x | < v9.43.x.x | < v10.34.x.x