Total
1619 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45275 | 2 Helmholz, Mbconnectline | 4 Rex 100, Rex 100 Firmware, Mbnet.mini and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.
|
|||||
| CVE-2024-41689 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-11-21 | N/A | 4.6 MEDIUM |
|
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WPA/ WPS credentials on the vulnerable system.
Successful exploitation of this vulnerability could allow the attacker to bypass WPA/ WPS and gain access to the Wi-Fi network of the targeted system.
|
|||||
| CVE-2024-3408 | 1 Man | 1 D-tale | 2024-11-21 | N/A | 9.8 CRITICAL |
|
man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, ...
Show More |
|||||
| CVE-2024-39374 | 1 Markoni | 4 Markoni-d \(compact\), Markoni-d \(compact\) Firmware, Markoni-dh \(exciter\+amplifiers\) and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded credentials.
|
|||||
| CVE-2024-39208 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.
|
|||||
| CVE-2024-38480 | 2024-11-21 | N/A | 4.0 MEDIUM | ||
|
"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.
|
|||||
| CVE-2024-38281 | 1 Motorola | 2 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device.
|
|||||
| CVE-2024-36496 | 2024-11-21 | N/A | 7.5 HIGH | ||
|
The configuration file is encrypted with a static key derived from a
static five-character password which allows an attacker to decrypt this
file. The application hashes this five-character password with
the outdated and broken MD5 algorithm (no salt) and uses the first five
bytes as the key for RC4. The configuration file is then encrypted with
these parameters.
|
|||||
| CVE-2024-36480 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC.
|
|||||
| CVE-2024-36049 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personally identifiable information (PII) and especially payroll data and the ability to impersonate legitimate users with respect to the audit log.
|
|||||
| CVE-2024-35338 | 1 Tendacn | 2 I29, I29 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
|
|||||
| CVE-2024-32988 | 2024-11-21 | N/A | 7.5 HIGH | ||
|
'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered.
|
|||||
| CVE-2024-2161 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .
|
|||||
| CVE-2024-28747 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
|
|||||
| CVE-2024-27170 | 2024-11-21 | N/A | 7.4 HIGH | ||
|
It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL.
|
|||||
| CVE-2024-27168 | 2024-11-21 | N/A | 7.1 HIGH | ||
|
It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL.
|
|||||
| CVE-2024-27161 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
|
all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the ...
Show More |
|||||
| CVE-2024-27160 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
|
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point.
https://www.toshibat ...
Show More |
|||||
| CVE-2024-27159 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
|
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point.
https://www.toshibat ...
Show More |
|||||
| CVE-2024-27107 | 2024-11-21 | N/A | 9.6 CRITICAL | ||
|
Weak account password in GE HealthCare EchoPAC products
|
|||||
| CVE-2024-23816 | 1 Siemens | 1 Location Intelligence | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) ...
Show More |
|||||
| CVE-2024-23619 | 1 Ibm | 1 Merge Efilm Workstation | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.
|
|||||
| CVE-2024-22313 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-11-21 | N/A | 6.2 MEDIUM |
|
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.
|
|||||
| CVE-2024-21764 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port.
|
|||||
| CVE-2024-1661 | 1 Totolink | 1 X6000r Firmware | 2024-11-21 | 1.0 LOW | 2.5 LOW |
|
A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: ...
Show More |
|||||
| CVE-2024-0865 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-11-21 | N/A | 7.8 HIGH |
|
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege
escalation when logged in as a non-administrative user.
|
|||||
| CVE-2023-6482 | 1 Synaptics | 1 Fingerprint Driver | 2024-11-21 | N/A | 5.2 MEDIUM |
|
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows
an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may
allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the
template database.
|
|||||
| CVE-2023-6198 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
|
Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device.
|
|||||
| CVE-2023-5777 | 1 Weintek | 1 Easybuilder Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.
|
|||||
| CVE-2023-5318 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 7.5 HIGH |
|
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
|
|||||
| CVE-2023-5074 | 1 Dlink | 1 D-view 8 | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28
|
|||||
| CVE-2023-52723 | 2024-11-21 | N/A | 7.1 HIGH | ||
|
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.
|
|||||
| CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.
|
|||||
| CVE-2023-50124 | 1 Flient | 2 Smart Lock Advanced, Smart Lock Advanced Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner.
|
|||||
| CVE-2023-4419 | 1 Sick | 6 Lms500, Lms500 Firmware, Lms511 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The LMS5xx uses hard-coded credentials, which potentially allow low-skilled
unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.
|
|||||
| CVE-2023-4204 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-11-21 | N/A | 5.4 MEDIUM |
|
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.
|
|||||
| CVE-2023-49228 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-11-21 | N/A | 6.4 MEDIUM |
|
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.
|
|||||
| CVE-2023-49224 | 2024-11-21 | N/A | 8.0 HIGH | ||
|
Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges.
|
|||||
| CVE-2023-49223 | 2024-11-21 | N/A | 8.8 HIGH | ||
|
Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information.
|
|||||
| CVE-2023-49222 | 2024-11-21 | N/A | 8.8 HIGH | ||
|
Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges.
|
|||||