| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files, which could allow the creation of new users, deletion or modification of existing users, modification of configuration files, or installation of rootkits or backdoors. |
| Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user to potentially enable information disclosure via local access. |
| In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware. |
| A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential. |
| Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. |
| In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. |
| Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command. |
| Le-yan Personnel and Salary Management System has a hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service. |
| bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the Android client device by default. |
| In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample. |
| In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. |
| Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session. |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 were discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh. |