Total
1366 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46711 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-11-21 | N/A | 4.6 MEDIUM |
| VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user. | |||||
| CVE-2023-46706 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| Multiple MachineSense devices have credentials unable to be changed by the user or administrator. | |||||
| CVE-2023-46685 | 1 Level1 | 2 Wbr-6013, Wbr-6013 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution. | |||||
| CVE-2023-46102 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet network of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself. | |||||
| CVE-2023-45499 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2024-11-21 | N/A | 9.8 CRITICAL |
| VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. | |||||
| CVE-2023-45226 | 1 F5 | 1 Big-ip Next Service Proxy For Kubernetes | 2024-11-21 | N/A | 7.4 HIGH |
| The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2023-45194 | 1 Mrl | 14 Mr-gm2, Mr-gm2 Firmware, Mr-gm3-d and 11 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration. | |||||
| CVE-2023-44411 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InstallApplication class. The class contains a hard-coded password for the remotely reachable database. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19553. | |||||
| CVE-2023-44296 | 1 Dell | 1 E-lab Navigator | 2024-11-21 | N/A | 8.4 HIGH |
| Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information. | |||||
| CVE-2023-43870 | 1 Paxton-access | 1 Net2 | 2024-11-21 | N/A | 8.1 HIGH |
| When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content. | |||||
| CVE-2023-43637 | 1 Lfedge | 1 Eve | 2024-11-21 | N/A | 7.8 HIGH |
| Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will always return "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32byte randomly generated key with this key (by takeing 16bytes from each, see "mergeKeys"). This makes the key a lot weaker. This issue does not persist in devices that were initialized on/after version 7.10, but devices that were initialized before that and updated to a newer version still have this issue. Roll an update that enforces the full 32bytes key usage. | |||||
| CVE-2023-43583 | 1 Zoom | 3 Meeting Software Development Kit, Video Software Development Kit, Zoom | 2024-11-21 | N/A | 4.9 MEDIUM |
| Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access. | |||||
| CVE-2023-42492 | 1 Busbaer | 1 Eisbaer Scada | 2024-11-21 | N/A | 7.1 HIGH |
| EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key | |||||
| CVE-2023-42336 | 1 Netis-systems | 2 Wf2409e, Wf2409e Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component. | |||||
| CVE-2023-42328 | 1 Peppermint | 1 Peppermint | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. | |||||
| CVE-2023-41919 | 1 Kiloview | 4 P1, P1 Firmware, P2 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access. | |||||
| CVE-2023-41878 | 1 Metersphere | 1 Metersphere | 2024-11-21 | N/A | 4.6 MEDIUM |
| MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-41713 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-11-21 | N/A | 7.5 HIGH |
| SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. | |||||
| CVE-2023-41595 | 1 Vaxilu | 1 X-ui | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password. | |||||
| CVE-2023-41508 | 1 Superstorefinder | 1 Super Store Finder | 2024-11-21 | N/A | 9.8 CRITICAL |
| A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel. | |||||