Vulnerabilities (CVE)

Filtered by CWE-798
Total 1704 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24155 1 Totolink 2 T8, T8 Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.
CVE-2023-24149 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.
CVE-2023-24147 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2026-06-17 N/A 7.5 HIGH
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.
CVE-2023-24022 1 Baicells 5 Nova227, Nova233, Nova243 and 2 more 2026-06-17 N/A 10.0 CRITICAL
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)
CVE-2023-23771 1 Motorola 2 Mbts Base Radio, Mbts Base Radio Firmware 2026-06-17 N/A 8.4 HIGH
Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.
CVE-2023-23770 1 Motorola 2 Mbts Site Controller, Mbts Site Controller Firmware 2026-06-17 N/A 9.4 CRITICAL
Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.
CVE-2023-23132 1 Selfwealth 1 Selfwealth 2026-06-17 N/A 7.5 HIGH
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys.
CVE-2023-22957 1 Audiocodes 12 405hd, 405hd Firmware, 445hd and 9 more 2026-06-17 N/A 7.5 HIGH
An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.
CVE-2023-22956 1 Audiocodes 12 405hd, 405hd Firmware, 445hd and 9 more 2026-06-17 N/A 7.5 HIGH
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.
CVE-2023-22495 1 Maif 1 Izanami 2026-06-17 N/A 9.8 CRITICAL
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token (JWT), an attacker could compromise another instance of Izanami. This issue has been patched in version 1.11.0.
CVE-2023-22463 1 Fit2cloud 1 Kubepi 2026-06-17 N/A 9.8 CRITICAL
KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code. The vulnerability has been fixed in 1.6.3. In the patch, JWT key is specified in app.yml. If the user leaves it blank, a random key will be used. There are no workarounds aside from upgrading.
CVE-2023-22429 1 Wolt 1 Wolt Delivery 2026-06-17 N/A 7.8 HIGH
Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary.
CVE-2023-22344 1 Dos-osaka 2 Rakuraku Pc Cloud Agent, Ss1 2026-06-17 N/A 9.8 CRITICAL
Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.
CVE-2023-21652 1 Qualcomm 240 Aqt1000, Aqt1000 Firmware, Ar8035 and 237 more 2026-06-17 N/A 7.7 HIGH
Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.
CVE-2023-21524 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 9 more 2026-06-17 N/A 7.8 HIGH
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2023-21426 1 Samsung 1 Android 2026-06-17 N/A 4.3 MEDIUM
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
CVE-2023-20512 2026-06-17 N/A 1.9 LOW
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage.
CVE-2023-20101 1 Cisco 1 Emergency Responder 2026-06-17 N/A 9.8 CRITICAL
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.
CVE-2023-20038 1 Cisco 1 Industrial Network Director 2026-06-17 N/A 8.8 HIGH
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director.
CVE-2023-1944 1 Kubernetes 1 Minikube 2026-06-17 N/A 8.4 HIGH
This vulnerability enables ssh access to minikube container using a default password.