Total
100 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0808 | 3 Bosswerk, Deyeinverter, Revolt-power | 6 Inverter, Inverter Firmware, Inverter and 3 more | 2024-08-02 | 3.9 Low |
| A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability. | ||||
| CVE-2024-37644 | 1 Trendnet | 1 Tew-814dap | 2024-08-02 | 8.8 High |
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | ||||
| CVE-2024-36526 | 1 Zkteco | 1 Zkbio Cvsecurity | 2024-08-02 | 9.8 Critical |
| ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. | ||||
| CVE-2024-35395 | 1 Totolink | 1 Cp900 L | 2024-08-02 | 8.8 High |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | ||||
| CVE-2024-34539 | 2024-08-02 | 9.4 Critical | ||
| Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions. | ||||
| CVE-2024-34025 | 2024-08-02 | 9.8 Critical | ||
| CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges. | ||||
| CVE-2024-33867 | 2024-08-02 | 4.8 Medium | ||
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt. | ||||
| CVE-2024-33625 | 1 Cyberpower | 1 Powerpanel Business | 2024-08-02 | 9.8 Critical |
| CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication. | ||||
| CVE-2024-32741 | 2024-08-02 | 10 Critical | ||
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device. | ||||
| CVE-2024-32210 | 1 Lomag | 1 Warehouse Management | 2024-08-02 | 5.3 Medium |
| The LoMag WareHouse Management application version 1.0.20.120 and older were to utilize hard-coded passwords by default for forms and SQL connections. | ||||
| CVE-2024-31810 | 2024-08-02 | N/A | ||
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2024-29011 | 2024-08-02 | 7.5 High | ||
| Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. | ||||
| CVE-2024-28023 | 2024-08-02 | 5.7 Medium | ||
| A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code. | ||||
| CVE-2024-28010 | 2024-08-02 | 9.8 Critical | ||
| Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet. | ||||
| CVE-2024-27774 | 2024-08-02 | 7.5 High | ||
| Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware | ||||
| CVE-2024-27164 | 2024-08-02 | 7.1 High | ||
| Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-21990 | 2024-08-01 | 5.4 Medium | ||
| ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials. | ||||
| CVE-2024-5275 | 2024-08-01 | 7.8 High | ||
| A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of FileCatalyst Workflow from 5.1.6 Build 130 and earlier. | ||||
| CVE-2024-2420 | 2024-08-01 | N/A | ||
| LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements. | ||||
| CVE-2024-2197 | 2024-08-01 | 4.3 Medium | ||
| The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points. | ||||