Vulnerabilities (CVE)

Filtered by CWE-798
Total 1702 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-39582 1 Dell 1 Insightiq 2026-06-17 N/A 2.3 LOW
Dell PowerScale InsightIQ, version 5.0, contains a use of hard-coded credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.
CVE-2024-39374 1 Markoni 4 Markoni-d (compact), Markoni-d (compact) Firmware, Markoni-dh (exciter+amplifiers) and 1 more 2026-06-17 N/A 9.8 CRITICAL
TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded credentials.
CVE-2024-39208 2026-06-17 N/A 9.8 CRITICAL
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.
CVE-2024-38648 1 Ivanti 1 Desktop & Server Management 2026-06-17 N/A 5.7 MEDIUM
A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials.
CVE-2024-38480 2026-06-17 N/A 4.0 MEDIUM
"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.
CVE-2024-38466 1 Guoxinled 1 Synthesis Image System 2026-06-17 N/A 9.8 CRITICAL
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.
CVE-2024-38281 1 Motorola 2 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware 2026-06-17 N/A 9.8 CRITICAL
An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device.
CVE-2024-37630 1 Dlink 2 Dir-605l, Dir-605l Firmware 2026-06-17 N/A 8.8 HIGH
D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root.
CVE-2024-36782 1 Totolink 2 Cp300, Cp300 Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVE-2024-36556 2026-06-17 N/A 9.1 CRITICAL
Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h, and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b have a Hardcoded password vulnerability.
CVE-2024-36496 2026-06-17 N/A 7.5 HIGH
The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key for RC4. The configuration file is then encrypted with these parameters.
CVE-2024-36480 2026-06-17 N/A 9.8 CRITICAL
Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC.
CVE-2024-36248 2026-06-17 N/A 9.1 CRITICAL
API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVE-2024-36049 2026-06-17 N/A 6.5 MEDIUM
Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personally identifiable information (PII) and especially payroll data and the ability to impersonate legitimate users with respect to the audit log.
CVE-2024-35396 1 Totolink 2 Cp900l, Cp900l Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
CVE-2024-35338 1 Tendacn 2 I29, I29 Firmware 2026-06-17 N/A 9.8 CRITICAL
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
CVE-2024-35244 2026-06-17 N/A 9.1 CRITICAL
There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVE-2024-35118 1 Ibm 1 Maas360 Mdm 2026-06-17 N/A 4.6 MEDIUM
IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device.
CVE-2024-34219 1 Totolink 2 Cp450, Cp450 Firmware 2026-06-17 N/A 8.6 HIGH
TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.
CVE-2024-33895 1 Hms-networks 7 Ewon Cosy+ 4g Apac, Ewon Cosy+ 4g Eu, Ewon Cosy+ 4g Jp and 4 more 2026-06-17 N/A 6.6 MEDIUM
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in versions 21.2s10 and 22.1s3, where the key is now unique per device.