Total
1268 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16158 | 1 Eaton | 6 Power Xpert Meter 4000, Power Xpert Meter 4000 Firmware, Power Xpert Meter 6000 and 3 more | 2024-09-17 | N/A |
| Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option. | ||||
| CVE-2021-35232 | 1 Solarwinds | 1 Webhelpdesk | 2024-09-17 | 6.8 Medium |
| Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. | ||||
| CVE-2018-12323 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-09-17 | N/A |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console. | ||||
| CVE-2018-17894 | 1 Nuuo | 1 Nuuo Cms | 2024-09-17 | N/A |
| NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access. | ||||
| CVE-2019-11898 | 1 Bosch | 1 Access | 2024-09-17 | 9.9 Critical |
| Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8. | ||||
| CVE-2017-7336 | 1 Fortinet | 1 Fortiwlm | 2024-09-17 | N/A |
| A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. | ||||
| CVE-2020-4283 | 1 Ibm | 1 Security Information Queue | 2024-09-17 | 8.6 High |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 176206. | ||||
| CVE-2017-17540 | 1 Fortinet | 1 Fortiwlc | 2024-09-17 | N/A |
| The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. | ||||
| CVE-2021-38456 | 1 Moxa | 1 Mxview | 2024-09-17 | 9.8 Critical |
| A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords | ||||
| CVE-2021-32993 | 1 Philips | 4 Intellibridge Ec40, Intellibridge Ec40 Firmware, Intellibridge Ec80 and 1 more | 2024-09-17 | 8.1 High |
| IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2020-10269 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2024-09-17 | 9.8 Critical |
| One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000. | ||||
| CVE-2018-9068 | 2 Ibm, Lenovo | 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more | 2024-09-17 | N/A |
| The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI. | ||||
| CVE-2021-32520 | 1 Qsan | 1 Storage Manager | 2024-09-17 | 9.8 Critical |
| Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document. | ||||
| CVE-2021-42833 | 1 Xylem | 1 Aquaview | 2024-09-17 | 9.3 Critical |
| A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings. | ||||
| CVE-2020-3158 | 1 Cisco | 1 Smart Software Manager On-prem | 2024-09-17 | 9.1 Critical |
| A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device. | ||||
| CVE-2019-17098 | 1 August | 3 August Home, Connect Wi-fi Bridge, Connect Wi-fi Bridge Firmware | 2024-09-17 | 3.5 Low |
| Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions. | ||||
| CVE-2019-9493 | 1 Mycarcontrols | 1 Mycar Controls | 2024-09-17 | 6.5 Medium |
| The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia. | ||||
| CVE-2020-4157 | 1 Ibm | 1 Qradar Network Security | 2024-09-17 | 7.5 High |
| IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174337. | ||||
| CVE-2017-1204 | 1 Ibm | 1 Tealeaf Customer Experience | 2024-09-17 | N/A |
| IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740. | ||||
| CVE-2021-34565 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2024-09-17 | 9.8 Critical |
| In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. | ||||