Total: 1442 CVEs

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-49805 | 1 Ibm | 1 Security Verify Access | 2025-01-29 | N/A | 9.4 CRITICAL | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2024-31873 | 1 Ibm | 1 Security Verify Access | 2025-01-28 | N/A | 7.5 HIGH | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication and which could be obtained by a malicious actor. IBM X-Force ID: 287317.
CVE-2023-6448 | 1 Unitronics | 33 Samba 3.5, Samba 3.5 Firmware, Samba 4.3 and 30 more | 2025-01-27 | N/A | 9.8 CRITICAL | Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
CVE-2023-30354 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | N/A | 9.8 CRITICAL | Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hard-coded boot password can be entered for console access.
CVE-2023-30352 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | N/A | 9.8 CRITICAL | Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed.
CVE-2023-30351 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | N/A | 7.5 HIGH | Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials.
CVE-2024-36248 | | | 2025-01-27 | N/A | 9.1 CRITICAL | API keys for some cloud services are hard-coded in the "main" binary. For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVE-2024-35244 | | | 2025-01-27 | N/A | 9.1 CRITICAL | There are several hidden accounts. Some of them are intended for maintenance engineers, and with knowledge of their passwords (e.g., obtained by examining a coredump), these accounts can be used to re-configure the device. For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVE-2024-46505 | | | 2025-01-23 | N/A | 9.1 CRITICAL | Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
CVE-2024-11147 | | | 2025-01-23 | N/A | 7.6 HIGH | ECOVACS robot lawnmowers and vacuums use a deterministic root password generated from the model and serial number. An attacker with shell access can log in as root.
CVE-2023-6255 | 1 Utarit | 1 Solipay Mobile | 2025-01-23 | N/A | 7.5 HIGH | Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable. This issue affects SoliPay Mobile App: before 5.0.8.
CVE-2024-49060 | 1 Microsoft | 1 Azure Stack Hci | 2025-01-23 | N/A | 8.8 HIGH | Azure Stack HCI Elevation of Privilege Vulnerability
CVE-2024-45832 | | | 2025-01-17 | N/A | 4.3 MEDIUM | Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An attacker could access unauthorized information.
CVE-2024-57811 | | | 2025-01-16 | N/A | 9.1 CRITICAL | In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can log in as root over SSH. The root password is hard-coded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton.
CVE-2023-28937 | 1 Saison | 1 Dataspider Servista | 2025-01-09 | N/A | 8.8 HIGH | DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS and is common to all users. If an attacker can gain access to a target DataSpider Servista instance and obtain a Launch Settings file of ScriptRunner and/or ScriptRunner for Amazon SQS, the attacker may perform operations with the user privilege encrypted in the file. Note that DataSpider Servista and some of the OEM products are affected by this vulnerability. For details of affected products and versions, refer to the information listed in [References].
CVE-2023-33778 | 1 Draytek | 143 Myvigor, Vigor1000b, Vigor1000b Firmware and 140 more | 2025-01-09 | N/A | 9.8 CRITICAL | Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hard-coded encryption keys, which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.
CVE-2024-29063 | 1 Microsoft | 1 Azure Ai Search | 2025-01-09 | N/A | 7.3 HIGH | Azure AI Search Information Disclosure Vulnerability
CVE-2024-29170 | 1 Dell | 1 Powerscale Onefs | 2025-01-08 | N/A | 8.1 HIGH | Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard-coded credentials vulnerability. An adjacent-network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service.
CVE-2023-51638 | 1 Alltena | 1 Allegra | 2025-01-03 | N/A | 9.8 CRITICAL | Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a database. The issue results from the use of a hard-coded password. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22360.
CVE-2023-34284 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 6.3 MEDIUM | NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the system configuration. The system contains a hard-coded user account which can be used to access the CLI service as a low-privileged user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19660.