Total
1366 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46247 | 1 Asus | 2 Cmax6000, Cmax6000 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00. | |||||
| CVE-2021-46008 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 7.9 HIGH | 8.8 HIGH |
| In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on. | |||||
| CVE-2021-45913 | 1 Controlup | 1 Controlup Agent | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel. | |||||
| CVE-2021-45877 | 1 Garo | 6 Wallbox Glb, Wallbox Glb Firmware, Wallbox Gtb and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exist in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manger page. | |||||
| CVE-2021-45841 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. | |||||
| CVE-2021-45732 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed. | |||||
| CVE-2021-45522 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2024-11-21 | 7.5 HIGH | 6.1 MEDIUM |
| NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password. | |||||
| CVE-2021-45521 | 1 Netgear | 6 Rbk352, Rbk352 Firmware, Rbr350 and 3 more | 2024-11-21 | 3.3 LOW | 7.4 HIGH |
| Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. | |||||
| CVE-2021-45520 | 1 Netgear | 6 Rbk352, Rbk352 Firmware, Rbr350 and 3 more | 2024-11-21 | 5.8 MEDIUM | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. | |||||
| CVE-2021-45458 | 1 Apache | 1 Kylin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | |||||
| CVE-2021-45106 | 1 Siemens | 1 Sicam Toolbox Ii | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database. | |||||
| CVE-2021-45033 | 1 Siemens | 8 Cp-8000 Master Module With I\/o -25\/\+70, Cp-8000 Master Module With I\/o -25\/\+70 Firmware, Cp-8000 Master Module With I\/o -40\/\+70 and 5 more | 2024-11-21 | 8.5 HIGH | 8.8 HIGH |
| A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. | |||||
| CVE-2021-44720 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-11-21 | N/A | 7.2 HIGH |
| In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role. | |||||
| CVE-2021-44464 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software. | |||||
| CVE-2021-43575 | 1 Knx | 1 Engineering Tool Software 6 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported | |||||
| CVE-2021-43284 | 1 Govicture | 2 Wr1200, Wr1200 Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface). | |||||
| CVE-2021-43282 | 1 Govicture | 2 Wr1200, Wr1200 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key. | |||||
| CVE-2021-43136 | 1 Formalms | 1 Formalms | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform. | |||||
| CVE-2021-43052 | 1 Tibco | 1 Ftl | 2024-11-21 | 5.0 MEDIUM | 9.3 CRITICAL |
| The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below. | |||||
| CVE-2021-43044 | 1 Kaseya | 1 Unitrends Backup | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community. | |||||