Vulnerabilities (CVE)

Filtered by CWE-798
Total 1705 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22466 1 Ibm 1 Security Verify Governance 2026-06-17 N/A 6.8 MEDIUM
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.
CVE-2022-22144 1 Tcl 1 Linkhub Mesh Wifi Ac1200 2026-06-17 N/A 9.8 CRITICAL
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability.
CVE-2022-22056 1 Le-yan Dental Management System Project 1 Le-yan Dental Management System 2026-06-17 10.0 HIGH 9.8 CRITICAL
The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service.
CVE-2022-21669 1 Puddingbot Project 1 Puddingbot 2026-06-17 5.0 MEDIUM 9.1 CRITICAL
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date.
CVE-2022-21199 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVE-2022-21194 1 Yokogawa 5 Centum Vp, Centum Vp Entry, Centum Vp Entry Firmware and 2 more 2026-06-17 6.8 MEDIUM 9.8 CRITICAL
The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00.
CVE-2022-20868 1 Cisco 4 Asyncos, Secure Email And Web Manager, Secure Email Gateway and 1 more 2026-06-17 N/A 4.7 MEDIUM
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account.
CVE-2022-20844 1 Cisco 1 Sd-wan 2026-06-17 N/A 5.3 MEDIUM
A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.
CVE-2022-1701 1 Sonicwall 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.
CVE-2022-1400 1 Device42 1 Cmdb 2026-06-17 N/A 7.1 HIGH
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00.
CVE-2022-1162 1 Gitlab 1 Gitlab 2026-06-17 7.5 HIGH 9.1 CRITICAL
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts
CVE-2022-0131 1 Jmty 1 Jimoty 2026-06-17 2.1 LOW 3.3 LOW
Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
CVE-2021-4228 1 Lannerinc 2 Iac-ast2500, Iac-ast2500 Firmware 2026-06-17 N/A 5.8 MEDIUM
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0.
CVE-2021-47796 2026-06-17 N/A 9.8 CRITICAL
Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default credential to execute arbitrary commands on the camera's operating system.
CVE-2021-47744 2026-06-17 N/A 7.5 HIGH
Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices.
CVE-2021-46247 1 Asus 2 Cmax6000, Cmax6000 Firmware 2026-06-17 5.0 MEDIUM 7.5 HIGH
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00.
CVE-2021-45913 1 Controlup 1 Controlup Agent 2026-06-17 9.0 HIGH 7.2 HIGH
A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.
CVE-2021-45877 1 Garo 6 Wallbox Glb, Wallbox Glb Firmware, Wallbox Gtb and 3 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exist in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manger page.
CVE-2021-45841 1 Terra-master 3 F2-210, F4-210, Tos 2026-06-17 6.8 MEDIUM 8.1 HIGH
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest.
CVE-2021-45732 1 Netgear 2 R6700, R6700 Firmware 2026-06-17 6.5 MEDIUM 8.8 HIGH
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.