Total
1269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36616 | 1 Totolink | 2 A810r, A810r Firmware | 2024-08-03 | 7.8 High |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36610 | 1 Totolink | 2 A720r, A720r Firmware | 2024-08-03 | 7.8 High |
| TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36613 | 1 Totolink | 2 N600r, N600r Firmware | 2024-08-03 | 7.8 High |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36614 | 1 Totolink | 2 A860r, A860r Firmware | 2024-08-03 | 7.8 High |
| TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36560 | 1 Seiko-sol | 2 Skybridge Mb-a200, Skybridge Mb-a200 Firmware | 2024-08-03 | 9.8 Critical |
| Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh. | ||||
| CVE-2022-36558 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-08-03 | 9.8 Critical |
| Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg. | ||||
| CVE-2022-36171 | 1 Mapgis | 1 Mapgis Igserver | 2024-08-03 | 8.1 High |
| MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. | ||||
| CVE-2022-36170 | 1 Mapgis | 1 Igserver | 2024-08-03 | 8.8 High |
| MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. | ||||
| CVE-2022-36159 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2024-08-03 | 8.8 High |
| Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware. | ||||
| CVE-2022-36222 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2024-08-03 | 8.4 High |
| Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. | ||||
| CVE-2022-35866 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2024-08-03 | 9.8 Critical |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139. | ||||
| CVE-2022-35857 | 1 Kvf-admin Project | 1 Kvf-admin | 2024-08-03 | 9.8 Critical |
| kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file. | ||||
| CVE-2022-35734 | 1 Hjholdings | 1 Hulu | 2024-08-03 | 7.5 High |
| 'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | ||||
| CVE-2022-35582 | 1 Pentasecurity | 1 Wapples | 2024-08-03 | 8.8 High |
| Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control. | ||||
| CVE-2022-35540 | 1 Dotnetcore | 1 Agileconfig | 2024-08-03 | 9.8 Critical |
| Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. | ||||
| CVE-2022-35491 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-08-03 | 9.8 Critical |
| TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. | ||||
| CVE-2022-35413 | 1 Pentasecurity | 1 Wapples | 2024-08-03 | 9.8 Critical |
| WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001. | ||||
| CVE-2022-34993 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-08-03 | 9.8 Critical |
| Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample. | ||||
| CVE-2022-34840 | 1 Buffalo | 18 Hw-450hp-zwe, Hw-450hp-zwe Firmware, Wzr-300hp and 15 more | 2024-08-03 | 6.5 Medium |
| Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, and WZR-D1100H firmware Ver. 2.00 and earlier. | ||||
| CVE-2022-34906 | 1 Filewave | 1 Filewave | 2024-08-03 | 7.5 High |
| A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests. | ||||