Total
1269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9306 | 1 Tesla | 1 Solarcity Solar Monitoring Gateway | 2024-08-04 | 8.8 High |
| Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. | ||||
| CVE-2020-9279 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2024-08-04 | 9.8 Critical |
| An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device. | ||||
| CVE-2020-8995 | 1 Bilanc | 1 Bilanc | 2024-08-04 | 9.8 Critical |
| Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools. | ||||
| CVE-2020-8964 | 1 Timetoolsltd | 20 Sc7105, Sc7105 Firmware, Sc9205 and 17 more | 2024-08-04 | 9.8 Critical |
| TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie." | ||||
| CVE-2020-8868 | 1 Quest | 1 Foglight Evolve | 2024-08-04 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553. | ||||
| CVE-2020-8657 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-08-04 | 9.8 Critical |
| An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token. | ||||
| CVE-2020-8573 | 1 Netapp | 2 Hci H610s, Hci H610s Firmware | 2024-08-04 | 6.5 Medium |
| The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value which could allow remote attackers to cause a Denial of Service (DoS). | ||||
| CVE-2020-7999 | 1 Intelliantech | 1 Aptus | 2024-08-04 | 9.8 Critical |
| The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY. | ||||
| CVE-2020-8001 | 1 Intelliantech | 1 Aptus | 2024-08-04 | 9.8 Critical |
| The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account. | ||||
| CVE-2020-8000 | 1 Intelliantech | 1 Aptus Web | 2024-08-04 | 9.8 Critical |
| Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account. | ||||
| CVE-2020-7846 | 1 Cnesty | 1 Helpcom | 2024-08-04 | 8 High |
| Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page. | ||||
| CVE-2020-7515 | 1 Schneider-electric | 1 Easergy Builder | 2024-08-04 | 7.8 High |
| A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password. | ||||
| CVE-2020-7501 | 1 Schneider-electric | 1 Vijeo Designer | 2024-08-04 | 8.8 High |
| A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer. | ||||
| CVE-2020-7498 | 1 Schneider-electric | 2 Os Loader, Unity Loader | 2024-08-04 | 9.8 Critical |
| A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file transfer service provided by the Modicon PLCs. This could result in various unintended results. | ||||
| CVE-2020-6981 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2024-08-04 | 9.8 Critical |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. | ||||
| CVE-2020-6985 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2024-08-04 | 9.8 Critical |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. | ||||
| CVE-2020-6983 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2024-08-04 | 7.5 High |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered. | ||||
| CVE-2020-6990 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2024-08-04 | 9.8 Critical |
| Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. | ||||
| CVE-2020-6979 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2024-08-04 | 7.5 High |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. | ||||
| CVE-2020-6882 | 1 Zte | 6 Zxhn E8810, Zxhn E8810 Firmware, Zxhn E8820 and 3 more | 2024-08-04 | 7.5 High |
| ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13> | ||||