Total
1166 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20773 | 1 Cisco | 1 Umbrella | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA. | |||||
| CVE-2022-31619 | 1 Siemens | 1 Teamcenter | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. | |||||
| CVE-2021-34601 | 1 Bender | 4 Cc612, Cc612 Firmware, Cc613 and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. | |||||
| CVE-2021-45522 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2024-02-04 | 7.5 HIGH | 8.8 HIGH |
| NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password. | |||||
| CVE-2021-20132 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0). | |||||
| CVE-2021-43282 | 1 Govicture | 2 Wr1200, Wr1200 Firmware | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key. | |||||
| CVE-2021-45033 | 1 Siemens | 8 Cp-8000 Master Module With I\/o -25\/\+70, Cp-8000 Master Module With I\/o -25\/\+70 Firmware, Cp-8000 Master Module With I\/o -40\/\+70 and 5 more | 2024-02-04 | 8.5 HIGH | 8.8 HIGH |
| A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. | |||||
| CVE-2021-23233 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters. | |||||
| CVE-2021-41028 | 1 Fortinet | 2 Forticlient, Forticlient Endpoint Management Server | 2024-02-04 | 5.4 MEDIUM | 7.5 HIGH |
| A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. | |||||
| CVE-2021-34744 | 1 Cisco | 32 Business 220-16p-2g, Business 220-16p-2g Firmware, Business 220-16t-2g and 29 more | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-22928 | 1 Mingsoft | 1 Mcms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. | |||||
| CVE-2022-22056 | 1 Le-yan Dental Management System Project | 1 Le-yan Dental Management System | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service. | |||||
| CVE-2021-43284 | 1 Govicture | 2 Wr1200, Wr1200 Firmware | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface). | |||||
| CVE-2021-45458 | 1 Apache | 1 Kylin | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | |||||
| CVE-2021-26108 | 1 Fortinet | 1 Fortios | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering. | |||||
| CVE-2022-22845 | 1 Qxip | 1 Homer Webapp | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations. | |||||
| CVE-2021-42833 | 1 Xylem | 1 Aquaview | 2024-02-04 | 4.6 MEDIUM | 8.8 HIGH |
| A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings. | |||||
| CVE-2021-43136 | 1 Formalms | 1 Formalms | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform. | |||||
| CVE-2021-20155 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678". | |||||
| CVE-2021-33583 | 1 Reiner-sct | 1 Timecard | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file. | |||||