Vulnerabilities (CVE)

Filtered by CWE-798
Total 1166 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27162 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP.
CVE-2020-28952 1 Homey 4 Homey, Homey Firmware, Homey Pro and 1 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely known key that is designed for testing purposes: "01030507090b0d0f00020406080a0c0d" (the decimal equivalent of 1 3 5 7 9 11 13 15 0 2 4 6 8 10 12 13), which is human generated and static across all issued devices.
CVE-2020-28999 1 Mygeeni 2 Gnc-cw013, Gnc-cw013 Firmware 2024-02-04 6.5 MEDIUM 7.2 HIGH
An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library (libhipcam.so) used to provide the streaming camera service.
CVE-2021-27141 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2024-02-04 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.)
CVE-2020-9306 1 Tesla 1 Solarcity Solar Monitoring Gateway 2024-02-04 5.8 MEDIUM 8.8 HIGH
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.
CVE-2021-27157 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP.
CVE-2020-2499 1 Qnap 1 Qes 2024-02-04 4.0 MEDIUM 7.2 HIGH
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.
CVE-2021-27168 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2024-02-04 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account.
CVE-2020-26509 1 Airleader 3 Airleader Easy, Airleader Master, Airleader Master Control 2024-02-04 5.0 MEDIUM 7.5 HIGH
Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service.
CVE-2020-24215 3 Jtechdigital, Provideoinstruments, Szuray 105 H.264 Iptv Encoder 1080p@60hz, H.264 Iptv Encoder 1080p@60hz Firmware, Vecaster-4k-hevc and 102 more 2024-02-04 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution.
CVE-2021-27147 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP.
CVE-2021-20412 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2024-02-04 5.0 MEDIUM 7.5 HIGH
IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192.
CVE-2020-11857 1 Microfocus 1 Operation Bridge Reporter 2024-02-04 7.5 HIGH 9.8 CRITICAL
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user.
CVE-2020-29375 1 Vsolcn 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more 2024-02-04 4.0 MEDIUM 8.8 HIGH
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user.
CVE-2021-27158 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP.
CVE-2020-10206 1 Amino 12 Ak45x, Ak45x Firmware, Ak5xx and 9 more 2024-02-04 3.6 LOW 4.4 MEDIUM
Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device.
CVE-2021-27164 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP.
CVE-2021-21979 1 Bitnami 1 Containers 2024-02-04 7.5 HIGH 7.3 HIGH
In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application.
CVE-2020-25620 1 Solarwinds 1 N-central 2024-02-04 4.6 MEDIUM 7.8 HIGH
An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to the N-Central Administrative Console (NAC) and/or the regular web interface.
CVE-2019-14482 1 Adremsoft 1 Netcrunch 2024-02-04 10.0 HIGH 9.8 CRITICAL
AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers' installations when no other SSL certificate is installed, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.