Vulnerabilities (CVE)

Filtered by CWE-798
Total 1704 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-44411 1 Dlink 1 D-view 8 2026-06-17 N/A 9.8 CRITICAL
D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InstallApplication class. The class contains a hard-coded password for the remotely reachable database. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19553.
CVE-2023-44296 1 Dell 1 E-lab Navigator 2026-06-17 N/A 8.4 HIGH
Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.
CVE-2023-43870 1 Paxton-access 1 Net2 2026-06-17 N/A 8.1 HIGH
When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content.
CVE-2023-43637 1 Lfedge 1 Eve 2026-06-17 N/A 7.8 HIGH
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will always return "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32byte randomly generated key with this key (by takeing 16bytes from each, see "mergeKeys"). This makes the key a lot weaker. This issue does not persist in devices that were initialized on/after version 7.10, but devices that were initialized before that and updated to a newer version still have this issue. Roll an update that enforces the full 32bytes key usage.
CVE-2023-43583 1 Zoom 3 Meeting Software Development Kit, Video Software Development Kit, Zoom 2026-06-17 N/A 4.9 MEDIUM
Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.
CVE-2023-42492 1 Busbaer 1 Eisbaer Scada 2026-06-17 N/A 7.1 HIGH
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
CVE-2023-42336 1 Netis-systems 2 Wf2409e, Wf2409e Firmware 2026-06-17 N/A 9.8 CRITICAL
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.
CVE-2023-42328 1 Peppermint 1 Peppermint 2026-06-17 N/A 8.8 HIGH
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.
CVE-2023-41919 1 Kiloview 4 P1, P1 Firmware, P2 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access.
CVE-2023-41878 1 Metersphere 1 Metersphere 2026-06-17 N/A 4.6 MEDIUM
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-41713 1 Sonicwall 61 Nsa2700, Nsa3700, Nsa4700 and 58 more 2026-06-17 N/A 7.5 HIGH
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
CVE-2023-41612 1 Govicture 2 Pc420, Pc420 Firmware 2026-06-17 N/A 8.8 HIGH
Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card.
CVE-2023-41611 1 Govicture 2 Pc420, Pc420 Firmware 2026-06-17 N/A 6.5 MEDIUM
Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data.
CVE-2023-41610 1 Govicture 2 Pc420, Pc420 Firmware 2026-06-17 N/A 8.8 HIGH
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.
CVE-2023-41595 1 Vaxilu 1 X-ui 2026-06-17 N/A 7.5 HIGH
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
CVE-2023-41508 1 Superstorefinder 1 Super Store Finder 2026-06-17 N/A 9.8 CRITICAL
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.
CVE-2023-41372 1 Boschrexroth 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more 2026-06-17 N/A 7.8 HIGH
The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair
CVE-2023-41137 1 Appsanywhere 1 Appsanywhere Client 2026-06-17 N/A 8.0 HIGH
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.
CVE-2023-41030 1 Juplink 2 Rx4-1500, Rx4-1500 Firmware 2026-06-17 5.8 MEDIUM 6.3 MEDIUM
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.
CVE-2023-40717 1 Fortinet 1 Fortitester 2026-06-17 N/A 5.3 MEDIUM
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.