Total
1619 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-57040 | 1 Tp-link | 2 Tl-wr845n, Tl-wr845n Firmware | 2025-04-07 | N/A | 9.8 CRITICAL |
|
TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router.
|
|||||
| CVE-2024-34219 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-04 | N/A | 8.6 HIGH |
|
TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.
|
|||||
| CVE-2024-35396 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
|
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
|
|||||
| CVE-2005-0496 | 1 Arkeia | 1 Network Backup | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
|
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.
|
|||||
| CVE-2005-3716 | 1 Utstarcom | 2 F1000 Wi-fi, F1000 Wi-fi Firmware | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information.
|
|||||
| CVE-2005-3803 | 1 Cisco | 2 Unified Wireless Ip Phone 7920, Unified Wireless Ip Phone 7920 Firmware | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2000-1139 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 7.5 HIGH | N/A |
|
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
|
|||||
| CVE-2024-46429 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-28 | N/A | 8.8 HIGH |
|
A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.
|
|||||
| CVE-2022-48067 | 1 Totolink | 2 A830r, A830r Firmware | 2025-03-28 | N/A | 5.5 MEDIUM |
|
An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack.
|
|||||
| CVE-2025-30118 | 2025-03-27 | N/A | 7.5 HIGH | ||
|
An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only available connection. The SSID remains broadcast at all times, increasing exposure to potential attacks.
|
|||||
| CVE-2023-23132 | 1 Selfwealth | 1 Selfwealth | 2025-03-27 | N/A | 7.5 HIGH |
|
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys.
|
|||||
| CVE-2024-13773 | 1 Uxper | 1 Civi | 2025-03-27 | N/A | 7.3 HIGH |
|
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.
|
|||||
| CVE-2024-25731 | 1 Elinksmart | 1 Esmartcam | 2025-03-26 | N/A | 7.5 HIGH |
|
The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi).
|
|||||
| CVE-2022-48113 | 1 Totolink | 2 N200re-v5, N200re-v5 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials.
|
|||||
| CVE-2023-24147 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 7.5 HIGH |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.
|
|||||
| CVE-2023-24155 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.
|
|||||
| CVE-2023-24149 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.
|
|||||
| CVE-2024-46433 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
|
A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.
|
|||||
| CVE-2024-46436 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.3 HIGH |
|
Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.
|
|||||
| CVE-2025-30137 | 2025-03-25 | N/A | 9.8 CRITICAL | ||
|
An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to, the attacker sends a crafted authentication command with TibetList and 000000 to list settings of the dashcam at port 9091. There's a separate set of credentials for port 9092 (stream) that is also exp ...
Show More |
|||||
| CVE-2024-39838 | 1 Zexelon | 2 Zwx-2000csw2-hn, Zwx-2000csw2-hn Firmware | 2025-03-25 | N/A | 8.8 HIGH |
|
ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.
|
|||||
| CVE-2017-1787 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | 2.1 LOW | 4.4 MEDIUM |
|
IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.
|
|||||
| CVE-2022-45766 | 1 Keystorage | 1 Global Facilities Management Software | 2025-03-24 | N/A | 9.1 CRITICAL |
|
Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes.
|
|||||
| CVE-2024-1344 | 1 Laborofficefree | 1 Laborofficefree | 2025-03-24 | N/A | 6.8 MEDIUM |
|
Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x86)%\LaborOfficeFree\' directory. This user can log in remotely and has root-like privileges.
|
|||||
| CVE-2025-30123 | 2025-03-21 | N/A | 9.8 CRITICAL | ||
|
An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device.
|
|||||
| CVE-2025-30109 | 2025-03-21 | N/A | 6.5 MEDIUM | ||
|
In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensitive device information, including live and recorded footage.
|
|||||
| CVE-2025-30122 | 2025-03-21 | N/A | 9.8 CRITICAL | ||
|
An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices.
|
|||||
| CVE-2025-2556 | 2025-03-20 | 3.3 LOW | 4.3 MEDIUM | ||
|
A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early abou ...
Show More |
|||||
| CVE-2024-38466 | 1 Guoxinled | 1 Synthesis Image System | 2025-03-19 | N/A | 9.8 CRITICAL |
|
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.
|
|||||
| CVE-2024-48126 | 2025-03-18 | N/A | 9.8 CRITICAL | ||
|
HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.
|
|||||
| CVE-2024-57790 | 2025-03-17 | N/A | 5.4 MEDIUM | ||
|
IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH.
|
|||||
| CVE-2024-42638 | 1 H3c | 2 Magic B1st, Magic B1st Firmware | 2025-03-17 | N/A | 9.8 CRITICAL |
|
H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
|
|||||
| CVE-2025-1724 | 2025-03-17 | N/A | 7.4 HIGH | ||
|
Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token.
|
|||||
| CVE-2025-2343 | 2025-03-16 | 6.8 MEDIUM | 7.5 HIGH | ||
|
A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-2342 | 2025-03-16 | 5.0 MEDIUM | 5.3 MEDIUM | ||
|
A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2022-46637 | 1 Prolink2u | 2 Prs1841, Prs1841 Firmware | 2025-03-14 | N/A | 9.8 CRITICAL |
|
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services.
|
|||||
| CVE-2024-0390 | 1 Inprax | 1 Izzi Connect | 2025-03-13 | N/A | 9.8 CRITICAL |
|
INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit "reQnet iZZi".This issue affects "iZZi connect" application versions before 2024010401.
|
|||||
| CVE-2024-33329 | 2025-03-13 | N/A | 7.5 HIGH | ||
|
A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information.
|
|||||
| CVE-2024-48007 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-03-13 | N/A | 5.3 MEDIUM |
|
Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data.
|
|||||
| CVE-2025-27255 | 2025-03-12 | N/A | 8.0 HIGH | ||
|
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code.
|
|||||