Total
119 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32210 | 1 Lomag | 1 Warehouse Management | 2024-11-21 | 5.3 Medium |
| The LoMag WareHouse Management application version 1.0.20.120 and older were to utilize hard-coded passwords by default for forms and SQL connections. | ||||
| CVE-2024-2420 | 2024-11-21 | N/A | ||
| LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements. | ||||
| CVE-2024-2197 | 2024-11-21 | 4.3 Medium | ||
| The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points. | ||||
| CVE-2024-29011 | 2024-11-21 | 7.5 High | ||
| Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. | ||||
| CVE-2024-28066 | 2024-11-21 | 8.8 High | ||
| In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). | ||||
| CVE-2024-28023 | 2024-11-21 | 5.7 Medium | ||
| A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code. | ||||
| CVE-2024-27488 | 2024-11-21 | 9.8 Critical | ||
| Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default. | ||||
| CVE-2023-5222 | 1 Viessmann | 2 Vitogate 300, Vitogate 300 Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2024-11-21 | 6.5 Medium |
| IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | ||||
| CVE-2023-49963 | 2024-11-21 | 8.8 High | ||
| DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control. | ||||
| CVE-2023-46685 | 1 Level1 | 2 Wbr-6013, Wbr-6013 Firmware | 2024-11-21 | 9.8 Critical |
| A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution. | ||||
| CVE-2023-41713 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-11-21 | 7.5 High |
| SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. | ||||
| CVE-2023-41030 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-11-21 | 6.3 Medium |
| Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. | ||||
| CVE-2023-3237 | 1 Otcms | 1 Otcms | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508. | ||||
| CVE-2023-32145 | 1 D-link | 1 Dap-1360 | 2024-11-21 | N/A |
| D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-18455. | ||||
| CVE-2023-2645 | 1 Usr | 2 Usr-g806, Usr-g806 Firmware | 2024-11-21 | 9.8 Critical |
| A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-23771 | 1 Motorola | 2 Mbts Base Radio, Mbts Base Radio Firmware | 2024-11-21 | 8.4 High |
| Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. | ||||
| CVE-2023-23770 | 1 Motorola | 2 Mbts Site Controller, Mbts Site Controller Firmware | 2024-11-21 | 9.4 Critical |
| Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. | ||||
| CVE-2023-0808 | 3 Bosswerk, Deyeinverter, Revolt-power | 6 Inverter, Inverter Firmware, Inverter and 3 more | 2024-11-21 | 3.9 Low |
| A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability. | ||||
| CVE-2022-30271 | 1 Motorola | 2 Ace1000, Ace1000 Firmware | 2024-11-21 | 9.8 Critical |
| The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default. | ||||