Total
1366 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1063 | 1 Cisco | 12 Unified Ip Phone 7906g, Unified Ip Phone 7911g, Unified Ip Phone 7941g and 9 more | 2025-04-09 | 10.0 HIGH | N/A |
| The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. | |||||
| CVE-2006-7074 | 1 Smartsitecms | 1 Smartsitecms | 2025-04-09 | 7.5 HIGH | N/A |
| admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie. | |||||
| CVE-2006-7142 | 1 Utimaco | 1 Safeguard | 2025-04-09 | 4.1 MEDIUM | 7.8 HIGH |
| The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive. | |||||
| CVE-2008-0961 | 1 Emc | 1 Diskxtender | 2025-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | |||||
| CVE-2008-1160 | 1 Zyxel | 2 Zywall 1050, Zywall 1050 Firmware | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | |||||
| CVE-2008-2369 | 1 Redhat | 1 Satellite | 2025-04-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements. | |||||
| CVE-2024-41794 | 2025-04-08 | N/A | 10.0 CRITICAL | ||
| A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793). | |||||
| CVE-2022-39185 | 1 Exfo | 2 Bv-10, Bv-10 Firmware | 2025-04-08 | N/A | 9.8 CRITICAL |
| EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user. | |||||
| CVE-2024-52788 | 1 Tenda | 2 W9, W9 Firmware | 2025-04-07 | N/A | 8.0 HIGH |
| Tenda W9 v1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | |||||
| CVE-2024-52789 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-07 | N/A | 8.0 HIGH |
| Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | |||||
| CVE-2024-50688 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | N/A | 9.8 CRITICAL |
| SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud uses the same MQTT credentials for exchanging the device telemetry. | |||||
| CVE-2024-57040 | 1 Tp-link | 2 Tl-wr845n, Tl-wr845n Firmware | 2025-04-07 | N/A | 9.8 CRITICAL |
| TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. | |||||
| CVE-2024-34219 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-04 | N/A | 8.6 HIGH |
| TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. | |||||
| CVE-2024-20439 | 1 Cisco | 1 Smart License Utility | 2025-04-03 | N/A | 9.8 CRITICAL |
| A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API. | |||||
| CVE-2024-35396 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. | |||||
| CVE-2005-0496 | 1 Arkeia | 1 Network Backup | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands. | |||||
| CVE-2000-1139 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 7.5 HIGH | N/A |
| The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. | |||||
| CVE-2005-3803 | 1 Cisco | 2 Unified Wireless Ip Phone 7920, Unified Wireless Ip Phone 7920 Firmware | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-3716 | 1 Utstarcom | 2 F1000 Wi-fi, F1000 Wi-fi Firmware | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information. | |||||
| CVE-2025-2538 | 2025-04-01 | N/A | 9.8 CRITICAL | ||
| A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote authenticated attacker to gain administrative access to the system. | |||||