CRITICAL · CVE-2026-31928 · CNA: icscert

CVE-2026-31928: Daktronics Controller Firmware Use of Hard-coded Credentials

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.

Metrics

  • CVSS v4.0: 9.3
  • Severity: CRITICAL
  • Fixed in: v10.34.x.x
  • Affected Products: 3


HarborGuard Analysis

Synopsis

A hard-coded credentials vulnerability affects the Daktronics DMP-5000, VFC-DMP-5000, and DMP-8000 controller firmware. The devices ship with a default administrative web account that requires no credential change during setup, making the credentials predictable to any attacker who can reach the device over the network using only a low-privilege account. Successful exploitation gives an attacker full system control, with high impact on the confidentiality and integrity of both the device itself and connected downstream systems. Patched-image rebuilds at versions v10.34.x.x, v8.117.x.x, and v9.43.x.x are available on HarborGuard for environments running affected firmware versions.

HarborGuard Coverage

Detection

Detection of CVE-2026-31928 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds, including ICS-CERT, within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built firmware images derived from affected Daktronics base layers.

Status: Available

Triage

HarborGuard scores this CVE at 9.3 Critical using the CVSS v4.0 vector and weights findings against each environment's compliance policy, escalating accordingly. Triage findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Status: Available

Patch

A patched-image rebuild at the fixed firmware versions (v10.34.x.x, v8.117.x.x, or v9.43.x.x, as appropriate to the branch in use) becomes available on HarborGuard once the upstream fix is confirmed. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The administrative web interface must be reachable over the network; an attacker exploits this remotely without requiring physical or local access to the device.

  • Authentication: Required

    A low-privilege account is sufficient because the hard-coded default administrative credentials constitute the authentication barrier, and any attacker who knows the published defaults meets this condition trivially.

  • Victim interaction: Not required

    No user or administrator action is needed to trigger exploitation; the attacker interacts directly with the web interface.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental configuration beyond network access.

Blast Radius

  • An attacker reads all configuration data, stored credentials, and system state on the affected device.
  • An attacker modifies device configuration, display schedules, or firmware settings, altering physical output controlled by the device.
  • Compromise extends to systems connected downstream (SC:H, SI:H): an attacker pivots through the controller to affect other networked infrastructure or control systems in the same segment.
  • Full administrative access means an attacker can install modified firmware, establishing persistent control that survives reboots.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-31928 is active across all connected registries and pipelines, covering every image derived from affected Daktronics firmware versions. For environments running any pre-fix release of DMP-5000, VFC-DMP-5000, or DMP-8000 firmware, a patched-image rebuild targeting the appropriate fixed branch (v10.34.x.x, v8.117.x.x, or v9.43.x.x) is available. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, executes a regression run, and opens a PR against affected workloads; for Critical-severity issues, median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy or operational constraints prevent auto-remediation, HarborGuard surfaces the finding with full CVSS v4.0 context and recommended fix-version targets so teams can act manually. As an interim compensating control, network-policy isolation of the device management interface (restricting inbound access to the administrative web port to known management subnets) reduces the network reachability prerequisite while a firmware update is staged.
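A way to check the interim compensating control described above, as an added example (not HarborGuard or Daktronics code): it audits a constructed ingress rule list for allow rules that expose the administrative web port to sources outside the management subnets. The port number, subnets, and rule format are assumptions, since the page names none of them.

```python
import ipaddress

ADMIN_PORT = 443  # assumption: the page does not name the administrative web port

# Constructed management subnets (IPv4 and IPv6) permitted to reach the interface.
MGMT_SUBNETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "fd00:20::/64")]

# Constructed ingress rules for the controller segment (not from a real device).
RULES = [
    {"id": "r1", "action": "allow", "src": "10.20.0.0/25", "port": 443},
    {"id": "r2", "action": "allow", "src": "10.20.0.0/16", "port": 443},
    {"id": "r3", "action": "allow", "src": "0.0.0.0/0", "port": 443},
    {"id": "r4", "action": "allow", "src": "192.168.5.0/24", "port": 22},
    {"id": "r5", "action": "deny", "src": "0.0.0.0/0", "port": 443},
]


def within_management(src):
    """True only if every address in src lies inside one management subnet."""
    net = ipaddress.ip_network(src, strict=False)
    return any(net.version == m.version and net.subnet_of(m) for m in MGMT_SUBNETS)


def overbroad_rules(rules, port=ADMIN_PORT):
    """IDs of allow rules that open the admin port to non-management sources."""
    return [
        r["id"]
        for r in rules
        if r["action"] == "allow"
        and r["port"] == port
        and not within_management(r["src"])
    ]


if __name__ == "__main__":
    # r2 is flagged even though it contains the management subnet: it is a
    # wider /16, so a containment test is needed rather than an overlap test.
    print("rules to tighten:", overbroad_rules(RULES))
```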


Fix available

v10.34.x.x, v8.117.x.x, v9.43.x.x

Affected packages

  • Daktronics / VFC-DMP-5000
    < v8.117.x.x (from 0) · < v9.43.x.x (from 0) · < v10.34.x.x (from 0)
  • Daktronics / DMP-5000
    < v10.34.x.x (from 0) · < v8.117.x.x (from 0) · < v9.43.x.x (from 0)
  • Daktronics / DMP-8000
    < v10.34.x.x (from 0) · < v8.117.x.x (from 0) · < v9.43.x.x (from 0)
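The affected ranges above list one fixed release per firmware branch, so a flat "below the highest fixed version" comparison reports patched 8.x and 9.x devices as vulnerable. The following added example (not HarborGuard or Daktronics code) does a branch-aware check over a constructed inventory; it assumes the first version component identifies the branch and compares only major.minor, because the page elides the trailing components.

```python
import re

# Fixed release per firmware branch, from the advisory. The trailing ".x.x"
# is elided on the page, so only major.minor is compared.
FIXED_MINOR = {8: 117, 9: 43, 10: 34}


def parse_version(text):
    """Return (major, minor) from strings such as 'v9.42.1.0'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.\w+)*", text.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2))


def assess(version):
    """Branch-aware status: 'affected', 'fixed' or 'unknown'."""
    major, minor = parse_version(version)
    if major in FIXED_MINOR:
        return "affected" if minor < FIXED_MINOR[major] else "fixed"
    if major < min(FIXED_MINOR):
        return "affected"  # every range starts "from 0"; no fix listed this far back
    return "unknown"       # newer branch than the advisory lists


def naive_affected(version):
    """Flat reading: affected if below the highest fixed version (over-reports)."""
    return parse_version(version) < (10, 34)


# Constructed inventory: hostname -> (model, reported firmware version).
INVENTORY = {
    "sign-north": ("DMP-5000", "v8.117.0.2"),
    "sign-south": ("DMP-8000", "v9.42.7.1"),
    "sign-east": ("VFC-DMP-5000", "v10.34.1.0"),
    "sign-west": ("DMP-5000", "v7.9.0.0"),
}


def triage(inventory):
    """Map each host to its branch-aware status."""
    return {host: assess(fw) for host, (_model, fw) in inventory.items()}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        fw = INVENTORY[host][1]
        print(f"{host:11} {fw:11} {status:9} naive_affected={naive_affected(fw)}")
```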

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N