CVE-2026-31928

Summary

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.

Affected Software

VendorProductVersion RangeStatus
DaktronicsVFC-DMP-50000 < v8.117.x.xaffected
DaktronicsVFC-DMP-50000 < v9.43.x.xaffected
DaktronicsVFC-DMP-50000 < v10.34.x.xaffected
DaktronicsDMP-50000 < v10.34.x.xaffected
DaktronicsDMP-50000 < v8.117.x.xaffected
DaktronicsDMP-50000 < v9.43.x.xaffected
DaktronicsDMP-80000 < v10.34.x.xaffected
DaktronicsDMP-80000 < v8.117.x.xaffected
DaktronicsDMP-80000 < v9.43.x.xaffected

Weaknesses

  • CWE-798: CWE-798

Workarounds

Daktronics recommends updating the default passwords and encourages using strong, unique credentials per device.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References