Total: 1266 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3906 | 1 Identicard | 1 Premisys Id | 2022-12-03 | 9.0 HIGH | 8.8 HIGH |
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents. | |||||
CVE-2022-41157 | 2 Microsoft, Webcash | 2 Windows, Serp Server 2.0 | 2022-12-01 | N/A | 9.8 CRITICAL |
A specific file on the sERP server of Kyungrinara (ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands. | |||||
CVE-2019-6548 | 1 Ge | 1 Ge Communicator | 2022-11-30 | 6.8 MEDIUM | 9.8 CRITICAL |
GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. | |||||
CVE-2022-32967 | 1 Realtek | 4 Rtl8111ep-cg, Rtl8111ep-cg Firmware, Rtl8111fp-cg and 1 more | 2022-11-30 | N/A | 2.1 LOW |
The RTL8111EP-CG/RTL8111FP-CG DASH function has a hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during a system reboot triggered by another user to acquire partial system information such as serial number and server information. | |||||
CVE-2021-43044 | 1 Kaseya | 1 Unitrends Backup | 2022-11-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community. | |||||
CVE-2022-40602 | 1 Zyxel | 2 Lte3301-m209, Lte3301-m209 Firmware | 2022-11-26 | N/A | 9.8 CRITICAL |
A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. | |||||
CVE-2018-20432 | 1 Dlink | 4 Covr-2600r, Covr-2600r Firmware, Covr-3902 and 1 more | 2022-11-16 | 10.0 HIGH | 9.8 CRITICAL |
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. | |||||
CVE-2021-34577 | 1 Kadenvodomery | 2 Picoflux Air, Picoflux Air Firmware | 2022-11-15 | N/A | 6.5 MEDIUM |
In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. | |||||
CVE-2022-40263 | 1 Bd | 2 Totalys Multiprocessor, Totalys Multiprocessor Firmware | 2022-11-07 | N/A | 7.8 HIGH |
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability. | |||||
CVE-2020-13963 | 1 Soplanning | 1 Soplanning | 2022-11-05 | 7.5 HIGH | 9.8 CRITICAL |
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account). | |||||
CVE-2020-15326 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-10-27 | N/A | 5.3 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | |||||
CVE-2020-15327 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-10-27 | N/A | 7.5 HIGH |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. | |||||
CVE-2021-38461 | 1 Auvesy | 1 Versiondog | 2022-10-27 | 6.4 MEDIUM | 8.2 HIGH |
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries. | |||||
CVE-2022-29477 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2022-10-26 | N/A | 9.8 CRITICAL |
An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-29889 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2022-10-26 | N/A | 9.8 CRITICAL |
A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability. | |||||
CVE-2022-32965 | 1 Omicard Edm Project | 1 Omicard Edm | 2022-10-26 | N/A | 9.8 CRITICAL |
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send a serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. | |||||
CVE-2022-38117 | 1 Juiker | 1 Juiker | 2022-10-25 | N/A | 6.1 MEDIUM |
The Juiker app hard-codes its AES key in the source code. A physical attacker, after getting Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it. | |||||
CVE-2021-40390 | 1 Moxa | 1 Mxview | 2022-10-24 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2020-25193 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2022-10-21 | 5.0 MEDIUM | 5.3 MEDIUM |
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. | |||||
CVE-2022-38420 | 1 Adobe | 1 Coldfusion | 2022-10-20 | N/A | 7.5 HIGH |
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction. |