Total
74 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32210 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| The LoMag WareHouse Management application version 1.0.20.120 and older were to utilize hard-coded passwords by default for forms and SQL connections. | |||||
| CVE-2024-2420 | 2024-11-21 | N/A | N/A | ||
| LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements. | |||||
| CVE-2024-2197 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points. | |||||
| CVE-2024-29011 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. | |||||
| CVE-2024-28066 | 2024-11-21 | N/A | 8.8 HIGH | ||
| In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). | |||||
| CVE-2024-28023 | 2024-11-21 | N/A | 5.7 MEDIUM | ||
| A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code. | |||||
| CVE-2024-27488 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default. | |||||
| CVE-2024-27164 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-26196 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 4.3 MEDIUM |
| Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2023-5222 | 1 Viessmann | 2 Vitogate 300, Vitogate 300 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-49963 | 2024-11-21 | N/A | 8.8 HIGH | ||
| DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control. | |||||
| CVE-2023-46685 | 1 Level1 | 2 Wbr-6013, Wbr-6013 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution. | |||||
| CVE-2023-32145 | 2024-11-21 | N/A | 8.8 HIGH | ||
| D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-18455. | |||||
| CVE-2023-2799 | 1 Cnoa Oa Project | 1 Cnoa Oa | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229376. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2645 | 1 Usr | 2 Usr-g806, Usr-g806 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-29103 | 1 Siemens | 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data. | |||||
| CVE-2022-30271 | 1 Motorola | 2 Ace1000, Ace1000 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default. | |||||
| CVE-2021-36312 | 1 Dell | 1 Cloudlink | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
| Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system. | |||||
| CVE-2021-32525 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interface with the administrator’s credential, entering the hard-coded password of the debug mode to execute the restricted system instructions. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-22729 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized administrative privileges when accessing to the charging station web server. | |||||