Total: 1166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-41299 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in. | |||||
CVE-2021-45732 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed. | |||||
CVE-2021-44207 | 1 Acclaimsystems | 1 Usaherds | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. | |||||
CVE-2022-22722 | 1 Schneider-electric | 2 Easergy P5, Easergy P5 Firmware | 2024-02-04 | 5.4 MEDIUM | 7.5 HIGH |
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and manipulate traffic associated with product configuration. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101) | |||||
CVE-2022-22987 | 1 Advantech | 2 Adam-3600, Adam-3600 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | |||||
CVE-2021-41828 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. | |||||
CVE-2022-0131 | 1 Jmty | 1 Jimoty | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | |||||
CVE-2021-45106 | 1 Siemens | 1 Sicam Toolbox Ii | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database. | |||||
CVE-2021-44464 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software. | |||||
CVE-2021-43052 | 1 Tibco | 1 Ftl | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below. | |||||
CVE-2021-23842 | 1 Bosch | 5 Access Management System, Access Professional Edition, Amc2 and 2 more | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device's firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet. | |||||
CVE-2021-45521 | 1 Netgear | 6 Rbk352, Rbk352 Firmware, Rbr350 and 3 more | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. | |||||
CVE-2021-32993 | 1 Philips | 4 Intellibridge Ec40, Intellibridge Ec40 Firmware, Intellibridge Ec80 and 1 more | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | |||||
CVE-2021-40519 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2024-02-04 | 6.4 MEDIUM | 10.0 CRITICAL |
Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials. | |||||
CVE-2021-34571 | 1 Enbra | 1 Ewm | 2024-02-04 | 2.9 LOW | 6.5 MEDIUM |
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM. | |||||
CVE-2021-34757 | 1 Cisco | 32 Business 220-16p-2g, Business 220-16p-2g Firmware, Business 220-16t-2g and 29 more | 2024-02-04 | 3.6 LOW | 5.5 MEDIUM |
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-21199 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
An information disclosure vulnerability exists due to the hardcoded TLS key of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
CVE-2020-4690 | 1 Ibm | 1 Security Guardium | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697. | |||||
CVE-2021-21913 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability. | |||||
CVE-2021-42635 | 3 Apple, Linux, Printerlogic | 3 Macos, Linux Kernel, Web Stack | 2024-02-04 | 9.3 HIGH | 8.1 HIGH |
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution. |