Total
1266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20039 | 1 Sicunet | 1 Access Control | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. | |||||
| CVE-2022-25807 | 1 Igel | 1 Universal Management Suite | 2022-06-17 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key. | |||||
| CVE-2022-25806 | 1 Igel | 1 Universal Management Suite | 2022-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key. | |||||
| CVE-2019-5137 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. | |||||
| CVE-2019-5139 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-06-13 | 3.6 LOW | 7.1 HIGH |
| An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. | |||||
| CVE-2021-42892 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2022-06-13 | 5.0 MEDIUM | 4.3 MEDIUM |
| In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. | |||||
| CVE-2022-30234 | 1 Schneider-electric | 4 Wiser Smart Eer21000, Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 and 1 more | 2022-06-13 | 10.0 HIGH | 9.8 CRITICAL |
| A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||||
| CVE-2022-29730 | 1 Usr | 10 Usr-g800v2, Usr-g800v2 Firmware, Usr-g806 and 7 more | 2022-06-10 | 10.0 HIGH | 9.8 CRITICAL |
| USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device. | |||||
| CVE-2013-10002 | 1 Telecomsoftware | 2 Samwin Agent, Samwin Contact Center | 2022-06-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2021-33016 | 1 Kuka | 3 Kr C4, Kr C4 Firmware, Kss | 2022-06-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. | |||||
| CVE-2021-33014 | 1 Kuka | 3 Kr C4, Kr C4 Firmware, Kss | 2022-06-08 | 5.0 MEDIUM | 8.8 HIGH |
| An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. | |||||
| CVE-2018-4017 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2022-06-07 | 3.3 LOW | 8.8 HIGH |
| An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability. | |||||
| CVE-2021-22667 | 1 Advantech | 2 Bb-eswgp506-2sfp-t, Bb-eswgp506-2sfp-t Firmware | 2022-05-27 | 10.0 HIGH | 9.8 CRITICAL |
| BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior). | |||||
| CVE-2022-29644 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. | |||||
| CVE-2022-29645 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. | |||||
| CVE-2021-42850 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2022-05-26 | 4.6 MEDIUM | 7.8 HIGH |
| A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access. | |||||
| CVE-2022-27172 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2021-38969 | 1 Ibm | 1 Spectrum Virtualize | 2022-05-19 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609. | |||||
| CVE-2021-34601 | 1 Bender | 4 Cc612, Cc612 Firmware, Cc613 and 1 more | 2022-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. | |||||
| CVE-2022-29856 | 1 Automationanywhere | 1 Automation 360 | 2022-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. | |||||