Total
171 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9358 | 1 Marel | 44 A320, A320 Firmware, A325 and 41 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above ...
|
|||||
| CVE-2017-6039 | 1 Phoenixbroadband | 2 Poweragent Sc3 Bms, Poweragent Sc3 Bms Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.
|
|||||
| CVE-2017-6022 | 1 Bd | 2 Kla Journal Service, Performa | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database.
|
|||||
| CVE-2024-31810 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
|
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
|
|||||
| CVE-2024-34211 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 8.8 HIGH |
|
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
|
|||||
| CVE-2024-35395 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 8.8 HIGH |
|
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
|
|||||
| CVE-2025-30106 | | | 2025-03-21 | N/A | 8.8 HIGH |
|
On IROAD v9 devices, the dashcam has hardcoded default credentials ("qwertyuiop") that cannot be changed by the user. This allows an attacker within Wi-Fi range to connect to the device's network to perform sniffing.
|
|||||
| CVE-2025-2556 | | | 2025-03-20 | 3.3 LOW | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early abou ...
|
|||||
| CVE-2025-2555 | | | 2025-03-20 | 1.2 LOW | 2.9 LOW |
|
A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrad ...
|
|||||
| CVE-2025-2343 | | | 2025-03-16 | 6.8 MEDIUM | 7.5 HIGH |
|
A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-2342 | | | 2025-03-16 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-27774 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 7.5 HIGH |
|
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware
|
|||||
| CVE-2025-1879 | 1 I-drive | 4 I11, I11 Firmware, I12 and 1 more | 2025-03-05 | 2.1 LOW | 2.4 LOW |
|
A vulnerability was found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This issue affects some unknown processing of the component APK. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.
|
|||||
| CVE-2024-21990 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2025-02-10 | N/A | 5.4 MEDIUM |
|
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.
|
|||||
| CVE-2022-26388 | | | 2025-02-07 | N/A | 6.4 MEDIUM |
|
A use of hard-coded password vulnerability may allow authentication abuse. This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions 2.2.0 and prior.
|
|||||
| CVE-2023-51629 | 1 Dlink | 2 Dcs-8300lhv2, Dcs-8300lhv2 Firmware | 2024-11-25 | N/A | 8.8 HIGH |
|
D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the ONVIF API. The issue results from the use of a hardcoded PIN. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21492.
|
|||||
| CVE-2024-11026 | 2 Free-now, Google | 2 Freenow, Android | 2024-11-23 | 2.6 LOW | 3.7 LOW |
|
A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler. The manipulation of the argument DEFAULT_KEYSTORE_PASSWORD with the input changeit leads to use of hard-coded password. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exp ...
|
|||||
| CVE-2024-11630 | | | 2024-11-22 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 up to 3.2 and classified as critical. This vulnerability affects unknown code of the component OEM Backend. The manipulation leads to hard-coded credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-7216 | 1 Totolink | 2 Lr1200, Lr1200 Firmware | 2024-11-21 | 1.4 LOW | 2.6 LOW |
|
A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272787. NOTE: The vendor was contacted early about this disclosure but did not res ...
|
|||||
| CVE-2024-7170 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-7159 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-7155 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 1.0 LOW | 2.5 LOW |
|
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this v ...
|
|||||
| CVE-2024-5275 | | | 2024-11-21 | N/A | 7.8 HIGH |
|
A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of FileCatalyst Workflow from 5.1.6 Build 130 and earlier.
|
|||||
| CVE-2024-4708 | 1 Myscada | 1 Mypro | 2024-11-21 | N/A | 9.8 CRITICAL |
|
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
|
|||||
| CVE-2024-39345 | 1 Adtran | 2 834-5, Sdg Smartos | 2024-11-21 | N/A | 7.2 HIGH |
|
AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. All of the device's internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute a ...
|
|||||
| CVE-2024-34539 | | | 2024-11-21 | N/A | 9.4 CRITICAL |
|
Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully log in to the mail or webmail server. These credentials can also be used to log in to the administration panel and to perform privileged actions.
|
|||||
| CVE-2024-2197 | | | 2024-11-21 | N/A | 4.3 MEDIUM |
|
The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points.
|
|||||
| CVE-2024-29011 | | | 2024-11-21 | N/A | 7.5 HIGH |
|
Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions.
|
|||||
| CVE-2024-28023 | | | 2024-11-21 | N/A | 5.7 MEDIUM |
|
A vulnerability exists in the message queueing mechanism that, if exploited, can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even allowing them to execute arbitrary code.
|
|||||
| CVE-2024-27488 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default.
|
|||||
| CVE-2024-27164 | | | 2024-11-21 | N/A | 7.1 HIGH |
|
Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL.
|
|||||
| CVE-2024-26196 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2023-5222 | 1 Viessmann | 2 Vitogate 300, Vitogate 300 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.
|
|||||
| CVE-2023-49963 | | | 2024-11-21 | N/A | 8.8 HIGH |
|
DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control.
|
|||||
| CVE-2023-41713 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-11-21 | N/A | 7.5 HIGH |
|
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
|
|||||
| CVE-2023-41030 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
|
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.
|
|||||
| CVE-2023-3237 | 1 Otcms | 1 Otcms | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508.
|
|||||
| CVE-2023-2799 | 1 Cnoa Oa Project | 1 Cnoa Oa | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229376. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-2645 | 1 Usr | 2 Usr-g806, Usr-g806 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The ve ...
|
|||||