Vulnerabilities (CVE)

Filtered by CWE-798
Total 1224 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-37255 1 Tp-link 2 Tapo C310, Tapo C310 Firmware 2023-04-21 N/A 7.5 HIGH
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603.
CVE-2023-22429 1 Wolt 1 Wolt Delivery 2023-04-18 N/A 7.8 HIGH
Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary.
CVE-2023-28503 2 Linux, Rocketsoftware 3 Linux Kernel, Unidata, Universe 2023-04-12 N/A 9.8 CRITICAL
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.
CVE-2021-40422 1 Swiftsensors 2 Sg3-1010, Sg3-1010 Firmware 2023-04-04 10.0 HIGH 10.0 CRITICAL
An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2019-1935 1 Cisco 3 Integrated Management Controller Supervisor, Ucs Director, Ucs Director Express For Big Data 2023-03-31 10.0 HIGH 9.8 CRITICAL
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.
CVE-2023-0391 1 Mgt-commerce 1 Cloudpanel 2023-03-27 N/A 8.1 HIGH
MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.
CVE-2017-10616 1 Juniper 1 Contrail 2023-03-24 6.4 MEDIUM 5.3 MEDIUM
The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
CVE-2019-1688 1 Cisco 1 Network Assurance Engine 2023-03-23 5.6 MEDIUM 7.1 HIGH
A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1).
CVE-2023-26511 1 Propius 1 Machineselector 2023-03-20 N/A 9.8 CRITICAL
A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows taking control of the affected system.
CVE-2023-1269 1 Easyappointments 1 Easyappointments 2023-03-14 N/A 9.8 CRITICAL
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-22344 1 Dos-osaka 2 Rakuraku Pc Cloud Agent, Ss1 2023-03-13 N/A 9.8 CRITICAL
Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.
CVE-2022-46637 1 Prolink2u 2 Prs1841, Prs1841 Firmware 2023-03-02 N/A 9.8 CRITICAL
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services.
CVE-2019-10990 1 Redlion 1 Crimson 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.
CVE-2022-31619 1 Siemens 1 Teamcenter 2023-02-23 6.5 MEDIUM 8.8 HIGH
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions.
CVE-2023-21426 1 Samsung 1 Android 2023-02-21 N/A 5.5 MEDIUM
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
CVE-2022-45766 1 Keystorage 1 Global Facilities Management Software 2023-02-17 N/A 9.1 CRITICAL
Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes.
CVE-2020-10884 1 Tp-link 2 Ac1750, Ac1750 Firmware 2023-02-16 5.8 MEDIUM 8.8 HIGH
This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652.
CVE-2021-36224 1 Westerndigital 2 My Cloud Os, My Cloud Pr4100 2023-02-14 N/A 9.8 CRITICAL
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
CVE-2021-29728 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, Linux On Ibm Z and 5 more 2023-02-14 4.0 MEDIUM 4.9 MEDIUM
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160.
CVE-2014-0175 3 Debian, Puppet, Redhat 3 Debian Linux, Marionette Collective, Openshift 2023-02-13 7.5 HIGH 9.8 CRITICAL
mcollective has a default password set at install