Vulnerabilities (CVE)

Filtered by CWE-798
Total 1704 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1748 1 Getnexx 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more 2026-06-17 N/A 9.3 CRITICAL
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer.
CVE-2023-1269 1 Easyappointments 1 Easyappointments 2026-06-17 N/A 9.8 CRITICAL
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-0808 3 Bosswerk, Deyeinverter, Revolt-power 6 Inverter, Inverter Firmware, Inverter and 3 more 2026-06-17 3.7 LOW 3.9 LOW
A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability.
CVE-2023-0391 1 Mgt-commerce 1 Cloudpanel 2026-06-17 N/A 8.1 HIGH
MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.
CVE-2022-50696 1 Sound4 17 Big Voice2, Big Voice2 Firmware, Big Voice4 and 14 more 2026-06-17 N/A 9.8 CRITICAL
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions without requiring user interaction.
CVE-2022-4780 1 Elvexys 1 Isos Firmware 2026-06-17 N/A 4.5 MEDIUM
ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.
CVE-2022-4611 1 Clickstudios 1 Passwordstate 2026-06-17 N/A 4.3 MEDIUM
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability.
CVE-2022-4333 1 Sprecher-automation 18 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p Dl6-1 and 15 more 2026-06-17 N/A 9.8 CRITICAL
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.
CVE-2022-48113 1 Totolink 2 N200re-v5, N200re-v5 Firmware 2026-06-17 N/A 9.8 CRITICAL
A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials.
CVE-2022-48067 1 Totolink 2 A830r, A830r Firmware 2026-06-17 N/A 5.5 MEDIUM
An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack.
CVE-2022-47891 1 Riello-ups 2 Netman 204, Netman 204 Firmware 2026-06-17 N/A 8.1 HIGH
All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.
CVE-2022-47618 1 Meritlilin 4 Ah55b04, Ah55b04 Firmware, Ah55b08 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service.
CVE-2022-47617 1 Hitrontech 2 Coda-5310, Coda-5310 Firmware 2026-06-17 N/A 7.2 HIGH
Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption.
CVE-2022-47558 1 Ormazabal 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more 2026-06-17 N/A 9.4 CRITICAL
Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors.
CVE-2022-46637 1 Prolink2u 2 Prs1841, Prs1841 Firmware 2026-06-17 N/A 9.8 CRITICAL
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services.
CVE-2022-45766 1 Keystorage 1 Global Facilities Management Software 2026-06-17 N/A 9.1 CRITICAL
Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes.
CVE-2022-45444 1 Sewio 1 Real-time Location System Studio 2026-06-17 N/A 10.0 CRITICAL
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access.
CVE-2022-45425 1 Dahuasecurity 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more 2026-06-17 N/A 7.5 HIGH
Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.
CVE-2022-45291 1 Pwsdashboard 1 Personal Weather Station Dashboard 2026-06-17 N/A 7.2 HIGH
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022.
CVE-2022-44612 1 Intel 1 Unison 2026-06-17 N/A 5.5 MEDIUM
Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access.