Total
1366 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27170 | 2024-11-21 | N/A | 7.4 HIGH | ||
| It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27168 | 2024-11-21 | N/A | 7.1 HIGH | ||
| It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27161 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27160 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27159 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27107 | 2024-11-21 | N/A | 9.6 CRITICAL | ||
| Weak account password in GE HealthCare EchoPAC products | |||||
| CVE-2024-24324 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | |||||
| CVE-2024-23842 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-11-21 | N/A | 7.4 HIGH |
| Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
| CVE-2024-23816 | 1 Siemens | 1 Location Intelligence | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application. | |||||
| CVE-2024-23726 | 1 Ubeeinteractive | 2 Ddw365, Ddw365 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit. | |||||
| CVE-2024-23687 | 1 Openlibraryfoundation | 1 Mod-data-export-spring | 2024-11-21 | N/A | 9.1 CRITICAL |
| Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines. | |||||
| CVE-2024-23685 | 1 Openlibraryfoundation | 1 Mod-remote-storage | 2024-11-21 | N/A | 5.3 MEDIUM |
| Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types. | |||||
| CVE-2024-23619 | 1 Ibm | 1 Merge Efilm Workstation | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. | |||||
| CVE-2024-23453 | 1 Spooncast | 1 Spoon | 2024-11-21 | N/A | 5.5 MEDIUM |
| Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. | |||||
| CVE-2024-22853 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | |||||
| CVE-2024-22813 | 2024-11-21 | N/A | 4.4 MEDIUM | ||
| An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller. | |||||
| CVE-2024-22772 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-11-21 | N/A | 7.4 HIGH |
| Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
| CVE-2024-22771 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-11-21 | N/A | 7.4 HIGH |
| Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
| CVE-2024-22770 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-11-21 | N/A | 7.4 HIGH |
| Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
| CVE-2024-22769 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-11-21 | N/A | 7.4 HIGH |
| Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||