Vulnerabilities (CVE)

Filtered by CWE-259
Total 77 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-4708 1 Myscada 1 Mypro 2024-11-21 N/A 9.8 CRITICAL
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
CVE-2024-39345 1 Adtran 2 834-5, Sdg Smartos 2024-11-21 N/A 7.2 HIGH
AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. All of the device's internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. NOTE: The vendor states that there is no intended functionality allowing an attacker to execute arbitrary OS commands with root-level privileges. The vendor also states that this issue was fixed in SmartOS 12.5.5.1.
CVE-2024-36526 2024-11-21 N/A 9.8 CRITICAL
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key.
CVE-2024-34539 2024-11-21 N/A 9.4 CRITICAL
Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully log in to the mail or webmail server. These credentials can also be used to log in to the administration panel and to perform privileged actions.
CVE-2024-34025 2024-11-21 N/A 9.8 CRITICAL
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.
CVE-2024-33625 2024-11-21 N/A 9.8 CRITICAL
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.
CVE-2024-32741 2024-11-21 N/A 10.0 CRITICAL
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains a hard-coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default. An attacker who manages to crack the password hash gains root access to the device.
CVE-2024-32210 2024-11-21 N/A 5.3 MEDIUM
The LoMag WareHouse Management application version 1.0.20.120 and older were found to utilize hard-coded passwords by default for forms and SQL connections.
CVE-2024-2420 2024-11-21 N/A N/A
LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.
CVE-2024-2197 2024-11-21 N/A 4.3 MEDIUM
The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points.
CVE-2024-29011 2024-11-21 N/A 7.5 HIGH
Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions.
CVE-2024-28066 2024-11-21 N/A 8.8 HIGH
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
CVE-2024-28023 2024-11-21 N/A 5.7 MEDIUM
A vulnerability exists in the message queueing mechanism that, if exploited, can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even allowing them to execute arbitrary code.
CVE-2024-27488 2024-11-21 N/A 9.8 CRITICAL
Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0 allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the HTTP API interface by default and uses the secret parameter method to authenticate the HTTP RESTful API interface, but the secret is hardcoded by default.
CVE-2024-27164 2024-11-21 N/A 7.1 HIGH
Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL.
CVE-2024-26196 1 Microsoft 1 Edge 2024-11-21 N/A 4.3 MEDIUM
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
CVE-2023-5222 1 Viessmann 2 Vitogate 300, Vitogate 300 Firmware 2024-11-21 5.8 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-49963 2024-11-21 N/A 8.8 HIGH
DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control.
CVE-2023-46685 1 Level1 2 Wbr-6013, Wbr-6013 Firmware 2024-11-21 N/A 9.8 CRITICAL
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution.
CVE-2023-2799 1 Cnoa Oa Project 1 Cnoa Oa 2024-11-21 5.8 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229376. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.