Total
1269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27143 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP. | ||||
| CVE-2021-27141 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.) | ||||
| CVE-2021-27161 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP. | ||||
| CVE-2021-27152 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP. | ||||
| CVE-2021-27172 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh. | ||||
| CVE-2021-27151 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP. | ||||
| CVE-2021-27155 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP. | ||||
| CVE-2021-27149 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP. | ||||
| CVE-2021-27146 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP. | ||||
| CVE-2021-27145 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP. | ||||
| CVE-2021-27148 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP. | ||||
| CVE-2021-27156 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0 interface. | ||||
| CVE-2021-27144 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP. | ||||
| CVE-2021-26611 | 1 Hej | 2 Hejhome Gkw-ic052, Hejhome Gkw-ic052 Firmware | 2024-08-03 | 8.1 High |
| HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory reset, snapshot etc..) | ||||
| CVE-2021-26579 | 1 Hpe | 1 Unified Data Management | 2024-08-03 | 5.5 Medium |
| A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys. | ||||
| CVE-2021-26108 | 1 Fortinet | 1 Fortios | 2024-08-03 | 7.5 High |
| A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering. | ||||
| CVE-2021-25898 | 1 Void | 1 Aural Rec Monitor | 2024-08-03 | 7.5 High |
| An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server. | ||||
| CVE-2021-25275 | 1 Solarwinds | 1 Orion Platform | 2024-08-03 | 7.8 High |
| SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database. | ||||
| CVE-2021-24005 | 1 Fortinet | 1 Fortiauthenticator | 2024-08-03 | 4 Medium |
| Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key. | ||||
| CVE-2021-23233 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2024-08-03 | 7.3 High |
| Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters. | ||||