Total
80 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3237 | 1 Otcms | 1 Otcms | 2024-05-17 | 5.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508. | |||||
| CVE-2023-2799 | 1 Cnoa Oa Project | 1 Cnoa Oa | 2024-05-17 | 5.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229376. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2645 | 1 Usr | 2 Usr-g806, Usr-g806 Firmware | 2024-05-17 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-0808 | 3 Bosswerk, Deyeinverter, Revolt-power | 6 Inverter, Inverter Firmware, Inverter and 3 more | 2024-05-17 | 3.7 LOW | 6.8 MEDIUM |
| A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability. | |||||
| CVE-2018-25069 | 1 Netis-systems | 2 Netcore Router, Netcore Router Firmware | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability. | |||||
| CVE-2014-125030 | 1 Empress Project | 1 Empress | 2024-05-17 | 5.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The patch is identified as 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a patch to fix this issue. VDB-217154 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-34025 | 2024-05-16 | N/A | 9.8 CRITICAL | ||
| CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges. | |||||
| CVE-2024-33625 | 2024-05-16 | N/A | 9.8 CRITICAL | ||
| CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication. | |||||
| CVE-2024-32741 | 2024-05-14 | N/A | 10.0 CRITICAL | ||
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device. | |||||
| CVE-2023-32145 | 2024-05-03 | N/A | 8.8 HIGH | ||
| D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-18455. | |||||
| CVE-2023-51629 | 2024-05-03 | N/A | 6.3 MEDIUM | ||
| D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the ONVIF API. The issue results from the use of a hardcoded PIN. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21492. | |||||
| CVE-2024-29011 | 2024-05-01 | N/A | 7.5 HIGH | ||
| Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. | |||||
| CVE-2024-21990 | 2024-04-18 | N/A | 5.4 MEDIUM | ||
| ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials. | |||||
| CVE-2024-27774 | 2024-03-18 | N/A | 7.5 HIGH | ||
| Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware | |||||
| CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2024-01-11 | N/A | 9.8 CRITICAL |
| IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | |||||
| CVE-2023-28895 | 1 Preh | 2 Mib3, Mib3 Firmware | 2023-12-06 | N/A | 6.8 MEDIUM |
| The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | |||||
| CVE-2023-23771 | 1 Motorola | 2 Mbts Base Radio, Mbts Base Radio Firmware | 2023-11-07 | N/A | 8.4 HIGH |
| Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. | |||||
| CVE-2023-23770 | 1 Motorola | 2 Mbts Site Controller, Mbts Site Controller Firmware | 2023-11-07 | N/A | 9.8 CRITICAL |
| Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. | |||||
| CVE-2022-45444 | 1 Sewio | 1 Real-time Location System Studio | 2023-11-07 | N/A | 9.8 CRITICAL |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access. | |||||
| CVE-2023-41713 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2023-10-19 | N/A | 7.5 HIGH |
| SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. | |||||