Vulnerabilities (CVE)

Filtered by CWE-798
Total 1704 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-34219 1 Totolink 2 Cp450, Cp450 Firmware 2026-06-17 N/A 8.6 HIGH
TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.
CVE-2024-33895 1 Hms-networks 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more 2026-06-17 N/A 6.6 MEDIUM
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device.
CVE-2024-33329 2026-06-17 N/A 7.5 HIGH
A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information.
CVE-2024-32988 2026-06-17 N/A 7.5 HIGH
'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered.
CVE-2024-32740 1 Siemens 2 Simatic Cn 4100, Simatic Cn 4100 Firmware 2026-06-17 N/A 9.8 CRITICAL
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.
CVE-2024-32053 1 Cyberpower 1 Powerpanel 2026-06-17 N/A 9.8 CRITICAL
Hard-coded credentials are used by theĀ  CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business application.
CVE-2024-31873 1 Ibm 1 Security Verify Access 2026-06-17 N/A 7.5 HIGH
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.
CVE-2024-31810 1 Totolink 2 Ex200, Ex200 Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVE-2024-31798 1 Gncchome 2 Gncc C2, Gncc C2 Firmware 2026-06-17 N/A 6.8 MEDIUM
Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices
CVE-2024-31151 1 Level1 2 Wbr-6012, Wbr-6012 Firmware 2026-06-17 N/A 8.1 HIGH
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be found at addresses 0x 803cdd0f and 0x803da3e6: 803cdd0f 41 72 69 65 ds "AriesSerenaCairryNativitaMegan" 73 53 65 72 65 6e 61 43 ... It is referenced by the function at 0x800b78b0 and simplified in the pseudocode below: if (is_equal = strcmp(password,"AriesSerenaCairryNativitaMegan"){ ret = 3;} Where 3 is the return value to user-level access (0 being fail and 1 being admin/backdoor). While there's no legitimate functionality to change this password, once authenticated it is possible manually make a change by taking advantage of TALOS-2024-XXXXX using HTTP POST paramater "Pu" (new user password) in place of "Pa" (new admin password).
CVE-2024-29966 1 Broadcom 1 Brocade Sannav 2026-06-17 N/A 7.5 HIGH
Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.
CVE-2024-29963 1 Broadcom 1 Brocade Sannav 2026-06-17 N/A 1.9 LOW
Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.
CVE-2024-29960 1 Broadcom 1 Brocade Sannav 2026-06-17 N/A 6.8 MEDIUM
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.
CVE-2024-29855 1 Veeam 1 Recovery Orchestrator 2026-06-17 N/A 9.0 CRITICAL
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
CVE-2024-29170 1 Dell 1 Powerscale Onefs 2026-06-17 N/A 8.1 HIGH
Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service.
CVE-2024-29063 1 Microsoft 1 Azure Ai Search 2026-06-17 N/A 7.3 HIGH
Azure AI Search Information Disclosure Vulnerability
CVE-2024-28990 1 Solarwinds 1 Access Rights Manager 2026-06-17 N/A 6.3 MEDIUM
SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
CVE-2024-28989 1 Solarwinds 1 Web Help Desk 2026-06-17 N/A 5.5 MEDIUM
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
CVE-2024-28987 1 Solarwinds 1 Web Help Desk 2026-06-17 N/A 9.1 CRITICAL
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
CVE-2024-28875 1 Level1 2 Wbr-6012, Wbr-6012 Firmware 2026-06-17 N/A 8.1 HIGH
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be found at address 0x80100910 80100910 40 6d 21 74 ds "@m!t2K1" 32 4b 31 00 It is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below: if ((SECOND_FROM_BOOT_TIME < 300) && (is_equal = strcmp(password,"@m!t2K1")) { return 1;} Where 1 is the return value to admin-level access (0 being fail and 3 being user).