Total
1328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49253 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2024-11-21 | 9.8 Critical |
| Root user password is hardcoded into the device and cannot be changed in the user interface. | ||||
| CVE-2023-49224 | 2024-11-21 | 8.0 High | ||
| Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges. | ||||
| CVE-2023-49223 | 2024-11-21 | 8.8 High | ||
| Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information. | ||||
| CVE-2023-49222 | 2024-11-21 | 8.8 High | ||
| Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges. | ||||
| CVE-2023-49221 | 2024-11-21 | 7.8 High | ||
| Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code. | ||||
| CVE-2023-48392 | 1 Kaifa | 1 Webitr Attendance System | 2024-11-21 | 9.8 Critical |
| Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information. | ||||
| CVE-2023-48388 | 1 Multisuns | 2 Easylog Web\+, Easylog Web\+ Firmware | 2024-11-21 | 9.8 Critical |
| Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. | ||||
| CVE-2023-48374 | 1 Csharp | 1 Cws Collaborative Development Platform | 2024-11-21 | 6.5 Medium |
| SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information. | ||||
| CVE-2023-48251 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | 8.1 High |
| The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. | ||||
| CVE-2023-48250 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | 8.1 High |
| The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. | ||||
| CVE-2023-48055 | 1 Superagi | 1 Superagi | 2024-11-21 | 7.5 High |
| SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. | ||||
| CVE-2023-48053 | 1 Archerydms | 1 Archery | 2024-11-21 | 7.5 High |
| Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. | ||||
| CVE-2023-47800 | 1 Natus | 2 Neuroworks Eeg, Sleepworks | 2024-11-21 | 9.8 Critical |
| Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services. | ||||
| CVE-2023-47315 | 1 H-mdm | 1 Headwind Mdm | 2024-11-21 | 8.8 High |
| Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens. | ||||
| CVE-2023-47213 | 1 C-first | 56 Cfr-1004ea, Cfr-1004ea Firmware, Cfr-1008ea and 53 more | 2024-11-21 | 9.8 Critical |
| First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround. | ||||
| CVE-2023-46943 | 1 Evershop | 1 Evershop | 2024-11-21 | 9.1 Critical |
| An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application. | ||||
| CVE-2023-46918 | 1 Fedirtsapana | 1 Simple Http Server Plus | 2024-11-21 | 4.6 Medium |
| Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device. | ||||
| CVE-2023-46711 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-11-21 | 4.6 Medium |
| VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user. | ||||
| CVE-2023-46706 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-11-21 | 9.1 Critical |
| Multiple MachineSense devices have credentials unable to be changed by the user or administrator. | ||||
| CVE-2023-46685 | 1 Level1 | 2 Wbr-6013, Wbr-6013 Firmware | 2024-11-21 | 9.8 Critical |
| A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution. | ||||