Total
1269 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-46637 | 1 Prolink2u | 2 Prs1841, Prs1841 Firmware | 2024-08-03 | 9.8 Critical |
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services. | ||||
CVE-2022-45766 | 1 Keystorage | 1 Global Facilities Management Software | 2024-08-03 | 9.1 Critical |
Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes. | ||||
CVE-2022-45444 | 1 Sewio | 1 Real-time Location System Studio | 2024-08-03 | 10 Critical |
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access. | ||||
CVE-2022-45425 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2024-08-03 | 7.5 High |
Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability. | ||||
CVE-2022-45291 | 1 Pwsdashboard | 1 Personal Weather Station Dashboard | 2024-08-03 | 7.2 High |
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022. | ||||
CVE-2022-44612 | 1 Intel | 1 Unison | 2024-08-03 | 5.5 Medium |
Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access. | ||||
CVE-2022-44097 | 1 Book Store Management System Project | 1 Book Store Management System | 2024-08-03 | 9.8 Critical |
Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | ||||
CVE-2022-44096 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-08-03 | 9.8 Critical |
Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | ||||
CVE-2022-43978 | 1 Pandorafms | 1 Pandora Fms | 2024-08-03 | 5.6 Medium |
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check. | ||||
CVE-2022-42980 | 1 Go-admin | 1 Go-admin | 2024-08-03 | 9.8 Critical |
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. | ||||
CVE-2022-42973 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2024-08-03 | 7.8 High |
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | ||||
CVE-2022-42176 | 1 Pctechsoft | 1 Pcsecure | 2024-08-03 | 7.8 High |
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. | ||||
CVE-2022-41653 | 1 Daikinlatam | 2 Svmpc1, Svmpc2 | 2024-08-03 | 9.8 Critical |
Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system. | ||||
CVE-2022-41399 | 1 Sage | 1 Sage 300 | 2024-08-03 | 7.5 High |
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database. | ||||
CVE-2022-41398 | 1 Sage | 1 Sage 300 | 2024-08-03 | 7.5 High |
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information. | ||||
CVE-2022-41540 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2024-08-03 | 5.9 Medium |
The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information. | ||||
CVE-2022-41400 | 1 Sage | 1 Sage 300 | 2024-08-03 | 9.8 Critical |
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings. | ||||
CVE-2022-41397 | 1 Sage | 1 Sage 300 | 2024-08-03 | 9.8 Critical |
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. | ||||
CVE-2022-41157 | 2 Microsoft, Webcash | 2 Windows, Serp Server 2.0 | 2024-08-03 | 8.1 High |
A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands. | ||||
CVE-2022-40602 | 1 Zyxel | 2 Lte3301-m209, Lte3301-m209 Firmware | 2024-08-03 | 9.8 Critical |
A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. |