Total
1389 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45165 | 2024-10-31 | N/A | 5.3 MEDIUM | ||
| An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "(c)2007 UCI Software GmbH B.Boll" (without quotes). The key is both static and hardcoded. With access to messages, this results in message decryption and encryption by an attacker. Thus, it enables passive and active man-in-the-middle attacks. | |||||
| CVE-2024-20280 | 2024-10-31 | N/A | 6.3 MEDIUM | ||
| A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key. | |||||
| CVE-2023-20512 | 2024-10-30 | N/A | 1.9 LOW | ||
| A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage. | |||||
| CVE-2024-45656 | 2024-10-29 | N/A | 9.8 CRITICAL | ||
| IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP. | |||||
| CVE-2024-48539 | 2024-10-25 | N/A | 9.8 CRITICAL | ||
| Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism. | |||||
| CVE-2024-4740 | 1 Moxa | 1 Mxsecurity | 2024-10-18 | N/A | 7.5 HIGH |
| MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data. | |||||
| CVE-2024-10025 | 2024-10-18 | N/A | 9.1 CRITICAL | ||
| A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password. | |||||
| CVE-2024-48192 | 2024-10-18 | N/A | 8.0 HIGH | ||
| Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root | |||||
| CVE-2024-45698 | 1 Dlink | 2 Dir-x4860, Dir-x4860 Firmware | 2024-10-15 | N/A | 9.8 CRITICAL |
| Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. | |||||
| CVE-2024-7206 | 2024-10-10 | N/A | N/A | ||
| SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware | |||||
| CVE-2024-8450 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | N/A | 9.8 CRITICAL |
| Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges. | |||||
| CVE-2024-8449 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | N/A | 6.8 MEDIUM |
| Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password. | |||||
| CVE-2024-8448 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | N/A | 8.8 HIGH |
| Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell. | |||||
| CVE-2024-23958 | 1 Autel | 2 Maxicharger Ac Elite Business C50, Maxicharger Ac Elite Business C50 Firmware | 2024-10-03 | N/A | 8.8 HIGH |
| Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23196 | |||||
| CVE-2024-43423 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2024-10-01 | N/A | 9.8 CRITICAL |
| The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. | |||||
| CVE-2024-45861 | 1 Kastle | 2 Access Control System, Access Control System Firmware | 2024-09-30 | N/A | 7.5 HIGH |
| Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information. | |||||
| CVE-2024-35118 | 1 Ibm | 1 Maas360 Mdm | 2024-09-19 | N/A | 4.6 MEDIUM |
| IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. | |||||
| CVE-2024-6656 | 1 Tnbmobil | 1 Cockpit | 2024-09-19 | N/A | 9.8 CRITICAL |
| Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13. | |||||
| CVE-2024-39585 | 1 Dell | 1 Smartfabric Os10 | 2024-09-17 | N/A | 8.1 HIGH |
| Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure. | |||||
| CVE-2024-28990 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-16 | N/A | 9.8 CRITICAL |
| SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | |||||