Vulnerability Details CVE-2026-31928
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 36.1%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2026-31928
-
cpe:2.3:h:daktronics:dmp-5000:-
-
cpe:2.3:h:daktronics:dmp-8000:-
-
cpe:2.3:h:daktronics:vfc-dmp-5000:-
-
cpe:2.3:o:daktronics:dmp-5000_firmware:*
-
cpe:2.3:o:daktronics:dmp-5000_firmware:10.0.0.0
-
cpe:2.3:o:daktronics:dmp-5000_firmware:9.0.0.0
-
cpe:2.3:o:daktronics:dmp-8000_firmware:*
-
cpe:2.3:o:daktronics:dmp-8000_firmware:10.0.0.0
-
cpe:2.3:o:daktronics:dmp-8000_firmware:9.0.0.0
-
cpe:2.3:o:daktronics:vfc-dmp-5000_firmware:*
-
cpe:2.3:o:daktronics:vfc-dmp-5000_firmware:10.0.0.0
-
cpe:2.3:o:daktronics:vfc-dmp-5000_firmware:9.0.0.0