Total
1267 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45861 | 2024-09-19 | N/A | ||
| Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information. | ||||
| CVE-2024-35118 | 1 Ibm | 2 Maas360, Maas360 Mdm | 2024-09-19 | 4.6 Medium |
| IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. | ||||
| CVE-2023-43583 | 1 Zoom | 3 Meeting Software Development Kit, Video Software Development Kit, Zoom | 2024-09-19 | 4.9 Medium |
| Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access. | ||||
| CVE-2024-6656 | 2 Tnb Mobile Solutions, Tnbmobil | 2 Cockpit Software, Cockpit | 2024-09-19 | 9.8 Critical |
| Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13. | ||||
| CVE-2023-41610 | 1 Govicture | 1 Pc420 Firmware | 2024-09-19 | 8.8 High |
| Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext. | ||||
| CVE-2023-35724 | 2024-09-18 | N/A | ||
| D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The server program contains hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20050. | ||||
| CVE-2023-45226 | 1 F5 | 1 Big-ip Next Service Proxy For Kubernetes | 2024-09-18 | 7.4 High |
| The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2023-44411 | 2024-09-18 | N/A | ||
| D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InstallApplication class. The class contains a hard-coded password for the remotely reachable database. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19553. | ||||
| CVE-2023-45194 | 1 Mrl | 14 Mr-gm2, Mr-gm2 Firmware, Mr-gm3-d and 11 more | 2024-09-18 | 4.3 Medium |
| Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration. | ||||
| CVE-2024-39374 | 1 Markoni | 4 Markoni-d \(compact\), Markoni-d \(compact\) Firmware, Markoni-dh \(exciter\+amplifiers\) and 1 more | 2024-09-17 | 9.8 Critical |
| TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded credentials. | ||||
| CVE-2023-31581 | 1 Dromara | 1 Sureness | 2024-09-17 | 9.8 Critical |
| Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. | ||||
| CVE-2023-31579 | 1 Tangyh | 1 Lamp-cloud | 2024-09-17 | 9.8 Critical |
| Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token. | ||||
| CVE-2021-38969 | 1 Ibm | 1 Spectrum Virtualize | 2024-09-17 | 9.8 Critical |
| IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609. | ||||
| CVE-2020-3446 | 1 Cisco | 10 Csp 5228-w, Csp 5228-w Firmware, Csp 5436-w and 7 more | 2024-09-17 | 9.8 Critical |
| A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges. | ||||
| CVE-2017-11380 | 1 Trendmicro | 1 Deep Discovery Director | 2024-09-17 | N/A |
| Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | ||||
| CVE-2021-32525 | 1 Qsan | 1 Storage Manager | 2024-09-17 | 9.1 Critical |
| The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interface with the administrator’s credential, entering the hard-coded password of the debug mode to execute the restricted system instructions. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
| CVE-2017-11026 | 1 Google | 1 Android | 2024-09-17 | N/A |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys. | ||||
| CVE-2021-1219 | 1 Cisco | 1 Smart Software Manager On-prem | 2024-09-17 | 7.8 High |
| A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by gaining access to the static credential that is stored on the local device. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. | ||||
| CVE-2017-10616 | 1 Juniper | 1 Contrail | 2024-09-17 | 5.3 Medium |
| The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). | ||||
| CVE-2018-16158 | 1 Eaton | 6 Power Xpert Meter 4000, Power Xpert Meter 4000 Firmware, Power Xpert Meter 6000 and 3 more | 2024-09-17 | N/A |
| Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option. | ||||