Total
1366 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46429 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-28 | N/A | 8.8 HIGH |
| A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges. | |||||
| CVE-2022-48067 | 1 Totolink | 2 A830r, A830r Firmware | 2025-03-28 | N/A | 5.5 MEDIUM |
| An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack. | |||||
| CVE-2024-29855 | 2025-03-27 | N/A | 9.0 CRITICAL | ||
| Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator | |||||
| CVE-2025-30118 | 2025-03-27 | N/A | 7.5 HIGH | ||
| An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only available connection. The SSID remains broadcast at all times, increasing exposure to potential attacks. | |||||
| CVE-2023-23132 | 1 Selfwealth | 1 Selfwealth | 2025-03-27 | N/A | 7.5 HIGH |
| Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys. | |||||
| CVE-2022-28810 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-03-27 | 7.1 HIGH | 6.8 MEDIUM |
| Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field. | |||||
| CVE-2024-13773 | 1 Uxper | 1 Civi | 2025-03-27 | N/A | 7.3 HIGH |
| The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys. | |||||
| CVE-2024-25731 | 1 Elinksmart | 1 Esmartcam | 2025-03-26 | N/A | 7.5 HIGH |
| The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi). | |||||
| CVE-2022-48113 | 1 Totolink | 2 N200re-v5, N200re-v5 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials. | |||||
| CVE-2023-24147 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 7.5 HIGH |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini. | |||||
| CVE-2023-24155 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. | |||||
| CVE-2023-24149 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow. | |||||
| CVE-2024-24681 | 1 Yealink | 1 Configuration Encryption Tool | 2025-03-25 | N/A | 9.8 CRITICAL |
| An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations. | |||||
| CVE-2024-46433 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
| A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges. | |||||
| CVE-2024-46436 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.3 HIGH |
| Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service. | |||||
| CVE-2025-30137 | 2025-03-25 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to, the attacker sends a crafted authentication command with TibetList and 000000 to list settings of the dashcam at port 9091. There's a separate set of credentials for port 9092 (stream) that is also exposed in cleartext: admin + tibet. For settings, the required credentials are adim + 000000. | |||||
| CVE-2024-39838 | 1 Zexelon | 2 Zwx-2000csw2-hn, Zwx-2000csw2-hn Firmware | 2025-03-25 | N/A | 8.8 HIGH |
| ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device. | |||||
| CVE-2017-1787 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | 2.1 LOW | 4.4 MEDIUM |
| IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022. | |||||
| CVE-2022-45766 | 1 Keystorage | 1 Global Facilities Management Software | 2025-03-24 | N/A | 9.1 CRITICAL |
| Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes. | |||||
| CVE-2025-30123 | 2025-03-21 | N/A | 9.8 CRITICAL | ||
| An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device. | |||||