Total
58 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-11026 | 2024-11-12 | 2.6 LOW | 3.7 LOW | ||
A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler. The manipulation of the argument DEFAULT_KEYSTORE_PASSWORD with the input changeit leads to use of hard-coded password. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-20412 | 1 Cisco | 22 Firepower 1000, Firepower 1010, Firepower 1020 and 19 more | 2024-11-05 | N/A | 8.4 HIGH |
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device. | |||||
CVE-2024-25825 | 2024-10-11 | N/A | 9.8 CRITICAL | ||
FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password. | |||||
CVE-2024-43423 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2024-10-01 | N/A | 9.8 CRITICAL |
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. | |||||
CVE-2024-46328 | 2024-09-30 | N/A | 8.0 HIGH | ||
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root. | |||||
CVE-2024-46959 | 2024-09-20 | N/A | 6.5 MEDIUM | ||
runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audio stream. | |||||
CVE-2023-32145 | 2024-09-18 | N/A | 8.8 HIGH | ||
D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-18455. | |||||
CVE-2024-39585 | 1 Dell | 1 Smartfabric Os10 | 2024-09-17 | N/A | 8.1 HIGH |
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure. | |||||
CVE-2023-37231 | 2024-09-10 | N/A | 9.8 CRITICAL | ||
Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. | |||||
CVE-2024-8580 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-10 | 7.6 HIGH | 8.1 HIGH |
A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-39345 | 1 Adtran | 2 834-5, Sdg Smartos | 2024-09-03 | N/A | 7.2 HIGH |
AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. NOTE: The vendor states that there is no intended functionality allowing an attacker to execute arbitrary OS Commands with root-level privileges. The vendor also states that this issue was fixed in SmartOS 12.5.5.1. | |||||
CVE-2024-4708 | 1 Myscada | 1 Mypro | 2024-08-29 | N/A | 9.8 CRITICAL |
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. | |||||
CVE-2023-49963 | 2024-08-22 | N/A | 8.8 HIGH | ||
DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control. | |||||
CVE-2024-27488 | 2024-08-22 | N/A | 9.8 CRITICAL | ||
Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default. | |||||
CVE-2024-31798 | 1 Gncchome | 2 Gncc C2, Gncc C2 Firmware | 2024-08-16 | N/A | 6.8 MEDIUM |
Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices | |||||
CVE-2024-34211 | 2024-08-15 | N/A | 8.8 HIGH | ||
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | |||||
CVE-2024-28066 | 2024-08-15 | N/A | 8.8 HIGH | ||
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). | |||||
CVE-2024-7332 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2024-08-09 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-7170 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2024-08-08 | 2.7 LOW | 8.8 HIGH |
A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-7155 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-08 | 1.0 LOW | 4.7 MEDIUM |
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |