Total
1396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0865 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-11-21 | N/A | 7.8 HIGH |
| CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. | |||||
| CVE-2023-6482 | 1 Synaptics | 1 Fingerprint Driver | 2024-11-21 | N/A | 5.2 MEDIUM |
| Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | |||||
| CVE-2023-6198 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
| Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device. | |||||
| CVE-2023-5777 | 1 Weintek | 1 Easybuilder Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
| Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. | |||||
| CVE-2023-5318 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 7.5 HIGH |
| Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. | |||||
| CVE-2023-5074 | 1 Dlink | 1 D-view 8 | 2024-11-21 | N/A | 9.8 CRITICAL |
| Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 | |||||
| CVE-2023-52723 | 2024-11-21 | N/A | 7.1 HIGH | ||
| In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value. | |||||
| CVE-2023-51588 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of a MySQL instance. The issue results from hardcoded database credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22075. | |||||
| CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | |||||
| CVE-2023-50124 | 1 Flient | 2 Smart Lock Advanced, Smart Lock Advanced Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
| Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner. | |||||
| CVE-2023-4419 | 1 Sick | 6 Lms500, Lms500 Firmware, Lms511 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device. | |||||
| CVE-2023-4204 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-11-21 | N/A | 5.4 MEDIUM |
| NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. | |||||
| CVE-2023-49228 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-11-21 | N/A | 6.4 MEDIUM |
| An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root. | |||||
| CVE-2023-49224 | 2024-11-21 | N/A | 8.0 HIGH | ||
| Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges. | |||||
| CVE-2023-49223 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information. | |||||
| CVE-2023-49222 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges. | |||||
| CVE-2023-49221 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code. | |||||
| CVE-2023-48392 | 1 Kaifa | 1 Webitr Attendance System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information. | |||||
| CVE-2023-48388 | 1 Multisuns | 2 Easylog Web\+, Easylog Web\+ Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. | |||||
| CVE-2023-48374 | 1 Csharp | 1 Cws Collaborative Development Platform | 2024-11-21 | N/A | 6.5 MEDIUM |
| SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information. | |||||