Total
1364 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5514 | 1 Minmax | 1 Minmax | 2024-11-25 | 9.8 Critical |
| MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs. | ||||
| CVE-2024-11026 | 2 Free-now, Google | 2 Freenow, Android | 2024-11-23 | 3.7 Low |
| A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler. The manipulation of the argument DEFAULT_KEYSTORE_PASSWORD with the input changeit leads to use of hard-coded password. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10920 | 1 Mariazevedo88 | 1 Travels-java-api | 2024-11-22 | 3.1 Low |
| A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters\JwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to use of hard-coded cryptographic key . The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-52789 | 1 Tenda | 1 W30e Firmware | 2024-11-22 | 8 High |
| Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | ||||
| CVE-2024-52788 | 1 Tenda | 1 W9 Firmware | 2024-11-22 | 8 High |
| Tenda W9 v1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | ||||
| CVE-2019-1688 | 1 Cisco | 1 Network Assurance Engine | 2024-11-21 | 7.1 High |
| A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1). | ||||
| CVE-2023-47704 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-11-21 | 4 Medium |
| IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. | ||||
| CVE-2023-41611 | 2024-11-21 | 6.5 Medium | ||
| Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data. | ||||
| CVE-2023-36623 | 1 Loxone | 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware | 2024-11-21 | 7.8 High |
| The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges. | ||||
| CVE-2023-34338 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | 7.1 High |
| AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | ||||
| CVE-2023-34473 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | 6.6 Medium |
| AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | ||||
| CVE-2024-7170 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2024-11-21 | 3.5 Low |
| A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7155 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 2.5 Low |
| A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6890 | 1 Journyx | 1 Journyx | 2024-11-21 | 8.8 High |
| Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password. | ||||
| CVE-2024-6045 | 1 Dlink | 15 E15 Firmware, E30 Firmware, G403 Firmware and 12 more | 2024-11-21 | 8.8 High |
| Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware. | ||||
| CVE-2024-5471 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-11-21 | 8.8 High |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. | ||||
| CVE-2024-4844 | 2024-11-21 | 7.5 High | ||
| Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on. | ||||
| CVE-2024-4708 | 1 Myscada | 1 Mypro | 2024-11-21 | 9.8 Critical |
| mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. | ||||
| CVE-2024-45275 | 3 Helmholz, Mb Connect Line, Mbconnectline | 5 Rex 100, Rex 100 Firmware, Mbnet.mini and 2 more | 2024-11-21 | 9.8 Critical |
| The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. | ||||
| CVE-2024-41689 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-11-21 | 4.6 Medium |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WPA/ WPS credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to bypass WPA/ WPS and gain access to the Wi-Fi network of the targeted system. | ||||