Total
1328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37608 | 1 Automaticsystems | 2 Soc Fl9600 Firstlane, Soc Fl9600 Firstlane Firmware | 2024-11-21 | 7.5 High |
| An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password. | ||||
| CVE-2023-37426 | 2 Arubanetworks, Hpe | 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator | 2024-11-21 | 7.4 High |
| EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host. | ||||
| CVE-2023-37287 | 1 Smartsoft | 1 Smartbpm.net | 2024-11-21 | 9.1 Critical |
| SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes. | ||||
| CVE-2023-37286 | 1 Smartsoft | 1 Smartbpm.net | 2024-11-21 | 9.8 Critical |
| SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service. | ||||
| CVE-2023-37215 | 1 Jbl | 2 Jbl Bar 5.1 Surround, Jbl Bar 5.1 Surround Firmware | 2024-11-21 | 6.2 Medium |
| JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials | ||||
| CVE-2023-36817 | 2 Kingstemple, Tktchurch | 2 The King\'s Temple Church Website, Website | 2024-11-21 | 7.5 High |
| `tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase. | ||||
| CVE-2023-36651 | 1 Prolion | 1 Cryptospike | 2024-11-21 | 7.2 High |
| Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | ||||
| CVE-2023-36380 | 1 Siemens | 4 Cp-8031, Cp-8031 Firmware, Cp-8050 and 1 more | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected. | ||||
| CVE-2023-35987 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | 9.8 Critical |
| PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. | ||||
| CVE-2023-35763 | 1 Iagona | 1 Scrutisweb | 2024-11-21 | 5.5 Medium |
| Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext. | ||||
| CVE-2023-35724 | 2024-11-21 | N/A | ||
| D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The server program contains hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20050. | ||||
| CVE-2023-34123 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | 7.5 High |
| Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
| CVE-2023-33836 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 5.3 Medium |
| IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016. | ||||
| CVE-2023-33744 | 1 Teleadapt | 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware | 2024-11-21 | 9.8 Critical |
| TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671. | ||||
| CVE-2023-33413 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2024-11-21 | 8.8 High |
| The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. | ||||
| CVE-2023-33372 | 1 Connectedio | 1 Connected Io | 2024-11-21 | 9.8 Critical |
| Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | ||||
| CVE-2023-33371 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | 9.8 Critical |
| Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | ||||
| CVE-2023-33304 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 4.4 Medium |
| A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. | ||||
| CVE-2023-33236 | 1 Moxa | 1 Mxsecurity | 2024-11-21 | 9.8 Critical |
| MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. | ||||
| CVE-2023-32619 | 1 Tp-link | 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more | 2024-11-21 | 8.8 High |
| Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. | ||||