Total
1389 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2369 | 1 Redhat | 1 Satellite | 2025-04-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements. | |||||
| CVE-2024-41794 | 2025-04-08 | N/A | 10.0 CRITICAL | ||
| A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793). | |||||
| CVE-2022-39185 | 1 Exfo | 2 Bv-10, Bv-10 Firmware | 2025-04-08 | N/A | 9.8 CRITICAL |
| EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user. | |||||
| CVE-2024-52788 | 1 Tenda | 2 W9, W9 Firmware | 2025-04-07 | N/A | 8.0 HIGH |
| Tenda W9 v1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | |||||
| CVE-2024-52789 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-07 | N/A | 8.0 HIGH |
| Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | |||||
| CVE-2024-50688 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | N/A | 9.8 CRITICAL |
| SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud uses the same MQTT credentials for exchanging the device telemetry. | |||||
| CVE-2024-57040 | 1 Tp-link | 2 Tl-wr845n, Tl-wr845n Firmware | 2025-04-07 | N/A | 9.8 CRITICAL |
| TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. | |||||
| CVE-2024-34219 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-04 | N/A | 8.6 HIGH |
| TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. | |||||
| CVE-2024-20439 | 1 Cisco | 1 Smart License Utility | 2025-04-03 | N/A | 9.8 CRITICAL |
| A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API. | |||||
| CVE-2024-35396 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. | |||||
| CVE-2005-0496 | 1 Arkeia | 1 Network Backup | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands. | |||||
| CVE-2000-1139 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 7.5 HIGH | N/A |
| The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. | |||||
| CVE-2005-3803 | 1 Cisco | 2 Unified Wireless Ip Phone 7920, Unified Wireless Ip Phone 7920 Firmware | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-3716 | 1 Utstarcom | 2 F1000 Wi-fi, F1000 Wi-fi Firmware | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information. | |||||
| CVE-2025-2538 | 2025-04-01 | N/A | 9.8 CRITICAL | ||
| A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote authenticated attacker to gain administrative access to the system. | |||||
| CVE-2024-46429 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-28 | N/A | 8.8 HIGH |
| A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges. | |||||
| CVE-2022-48067 | 1 Totolink | 2 A830r, A830r Firmware | 2025-03-28 | N/A | 5.5 MEDIUM |
| An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack. | |||||
| CVE-2024-29855 | 2025-03-27 | N/A | 9.0 CRITICAL | ||
| Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator | |||||
| CVE-2025-30118 | 2025-03-27 | N/A | 7.5 HIGH | ||
| An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only available connection. The SSID remains broadcast at all times, increasing exposure to potential attacks. | |||||
| CVE-2023-23132 | 1 Selfwealth | 1 Selfwealth | 2025-03-27 | N/A | 7.5 HIGH |
| Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys. | |||||