Total
1166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34907 | 1 Filewave | 1 Filewave | 2024-02-04 | N/A | 9.8 CRITICAL |
An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform. | |||||
CVE-2022-32965 | 1 Omicard Edm Project | 1 Omicard Edm | 2024-02-04 | N/A | 9.8 CRITICAL |
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. | |||||
CVE-2022-38394 | 1 Allied-telesis | 2 Centrecom Ar260s, Centrecom Ar260s Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command. | |||||
CVE-2022-29889 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability. | |||||
CVE-2022-22144 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-04 | N/A | 9.8 CRITICAL |
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability. | |||||
CVE-2022-29963 | 1 Emerson | 48 Deltav Distributed Control System Sq Controller, Deltav Distributed Control System Sq Controller Firmware, Deltav Distributed Control System Sx Controller and 45 more | 2024-02-04 | N/A | 5.5 MEDIUM |
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. | |||||
CVE-2022-36952 | 1 Veritas | 1 Netbackup | 2024-02-04 | N/A | 9.8 CRITICAL |
In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
CVE-2022-35857 | 1 Kvf-admin Project | 1 Kvf-admin | 2024-02-04 | N/A | 9.8 CRITICAL |
kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file. | |||||
CVE-2022-36170 | 1 Mapgis | 1 Igserver | 2024-02-04 | N/A | 8.8 HIGH |
MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. | |||||
CVE-2022-30036 | 1 Malighting | 2 Grandma2 Light, Grandma2 Light Firmware | 2024-02-04 | N/A | 8.8 HIGH |
MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's position is that the product was designed for isolated networks. Also, the successor product, grandMA3, is not affected by this vulnerability. | |||||
CVE-2022-36558 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-02-04 | N/A | 9.8 CRITICAL |
Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg. | |||||
CVE-2022-37710 | 1 Pattersondental | 1 Eaglesoft | 2024-02-04 | N/A | 7.8 HIGH |
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file. | |||||
CVE-2022-34045 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. | |||||
CVE-2022-26138 | 1 Atlassian | 3 Confluence Data Center, Confluence Server, Questions For Confluence | 2024-02-04 | N/A | 9.8 CRITICAL |
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app. | |||||
CVE-2022-29477 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-40111 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware. | |||||
CVE-2022-36611 | 1 Totolink | 2 A800r, A800r Firmware | 2024-02-04 | N/A | 7.8 HIGH |
TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
CVE-2022-42176 | 1 Pctechsoft | 1 Pcsecure | 2024-02-04 | N/A | 7.8 HIGH |
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. | |||||
CVE-2022-29962 | 1 Emerson | 48 Deltav Distributed Control System Sq Controller, Deltav Distributed Control System Sq Controller Firmware, Deltav Distributed Control System Sx Controller and 45 more | 2024-02-04 | N/A | 5.5 MEDIUM |
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. | |||||
CVE-2022-35540 | 1 Dotnetcore | 1 Agileconfig | 2024-02-04 | N/A | 9.8 CRITICAL |
Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. |