Total
1266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3699 | 1 Dreryk | 1 Gabinet | 2024-06-12 | N/A | 9.8 CRITICAL |
| Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0. | |||||
| CVE-2024-3700 | 1 Estomed | 1 Simple Care | 2024-06-12 | N/A | 9.8 CRITICAL |
| Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported. | |||||
| CVE-2024-1661 | 1 Totolink | 1 X6000r Firmware | 2024-05-17 | N/A | 5.5 MEDIUM |
| A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3237 | 1 Otcms | 1 Otcms | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508. | |||||
| CVE-2023-0808 | 3 Bosswerk, Deyeinverter, Revolt-power | 6 Inverter, Inverter Firmware, Inverter and 3 more | 2024-05-17 | N/A | 6.8 MEDIUM |
| A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability. | |||||
| CVE-2022-4611 | 1 Clickstudios | 1 Passwordstate | 2024-05-17 | N/A | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability. | |||||
| CVE-2014-125030 | 1 Empress Project | 1 Empress | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The patch is identified as 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a patch to fix this issue. VDB-217154 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-4844 | 2024-05-16 | N/A | N/A | ||
| Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on. | |||||
| CVE-2024-32740 | 2024-05-14 | N/A | N/A | ||
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network. | |||||
| CVE-2023-21652 | 1 Qualcomm | 240 Aqt1000, Aqt1000 Firmware, Ar8035 and 237 more | 2024-04-12 | N/A | 7.1 HIGH |
| Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. | |||||
| CVE-2018-7241 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2024-04-10 | 10.0 HIGH | 9.8 CRITICAL |
| Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. | |||||
| CVE-2021-44720 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | N/A | 7.2 HIGH |
| In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role. | |||||
| CVE-2024-22313 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-02-15 | N/A | 7.8 HIGH |
| IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | |||||
| CVE-2008-1160 | 1 Zyxel | 2 Zywall 1050, Zywall 1050 Firmware | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | |||||
| CVE-2020-35296 | 1 Thinkadmin | 1 Thinkadmin | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access. | |||||
| CVE-2005-3803 | 1 Cisco | 2 Unified Wireless Ip Phone 7920, Unified Wireless Ip Phone 7920 Firmware | 2024-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-0496 | 1 Arkeia | 1 Network Backup | 2024-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands. | |||||
| CVE-2005-3716 | 1 Utstarcom | 2 F1000 Wi-fi, F1000 Wi-fi Firmware | 2024-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information. | |||||
| CVE-2021-37555 | 1 Trixie | 2 Tx9 Automatic Food Dispenser, Tx9 Automatic Food Dispenser Firmware | 2024-02-13 | 10.0 HIGH | 9.8 CRITICAL |
| TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc). | |||||
| CVE-2008-2369 | 1 Redhat | 1 Satellite | 2024-02-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements. | |||||