Total
1192 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-45861 | 1 Kastle | 2 Access Control System, Access Control System Firmware | 2024-09-30 | N/A | 7.5 HIGH |
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information. | |||||
CVE-2023-32619 | 1 Tp-link | 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more | 2024-09-26 | N/A | 8.8 HIGH |
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. | |||||
CVE-2023-27584 | 1 D7y | 1 Dragonfly | 2024-09-25 | N/A | 9.8 CRITICAL |
Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify users. However, the secret key for JWT, "Secret Key", is hard coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-41612 | | | 2024-09-20 | N/A | 8.8 HIGH |
Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card. | |||||
CVE-2023-41610 | | | 2024-09-20 | N/A | 8.8 HIGH |
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext. | |||||
CVE-2024-35118 | 1 Ibm | 1 Maas360 Mdm | 2024-09-19 | N/A | 4.6 MEDIUM |
IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. | |||||
CVE-2023-43583 | 1 Zoom | 3 Meeting Software Development Kit, Video Software Development Kit, Zoom | 2024-09-19 | N/A | 4.9 MEDIUM |
Cryptographic issues in Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access. | |||||
CVE-2024-6656 | 1 Tnbmobil | 1 Cockpit | 2024-09-19 | N/A | 9.8 CRITICAL |
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13. | |||||
CVE-2023-35724 | | | 2024-09-18 | N/A | 8.8 HIGH |
D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The server program contains hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20050. | |||||
CVE-2024-39374 | 1 Markoni | 4 Markoni-d (compact), Markoni-d (compact) Firmware, Markoni-dh (exciter+amplifiers) and 1 more | 2024-09-17 | N/A | 9.8 CRITICAL |
TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded credentials. | |||||
CVE-2021-35232 | 1 Solarwinds | 1 Webhelpdesk | 2024-09-17 | 3.6 LOW | 6.1 MEDIUM |
Hard-coded credentials were discovered in the SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. | |||||
CVE-2024-39585 | 1 Dell | 1 Smartfabric Os10 | 2024-09-17 | N/A | 8.1 HIGH |
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure. | |||||
CVE-2024-28990 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-16 | N/A | 9.8 CRITICAL |
SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | |||||
CVE-2024-39582 | 1 Dell | 1 Insightiq | 2024-09-16 | N/A | 4.4 MEDIUM |
Dell PowerScale InsightIQ, version 5.0, contains a Use of Hard-coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
CVE-2024-20439 | 1 Cisco | 1 Smart License Utility | 2024-09-13 | N/A | 9.8 CRITICAL |
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application. | |||||
CVE-2023-49224 | | | 2024-09-13 | N/A | 8.0 HIGH |
Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges. | |||||
CVE-2023-49223 | | | 2024-09-13 | N/A | 8.8 HIGH |
Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information. | |||||
CVE-2023-49222 | | | 2024-09-13 | N/A | 8.8 HIGH |
Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges. | |||||
CVE-2018-17558 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-09-11 | N/A | 9.8 CRITICAL |
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root. | |||||
CVE-2024-6912 | 2 Microsoft, Perkinelmer | 2 Windows, Processplus | 2024-09-11 | N/A | 9.8 CRITICAL |
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations. This issue affects ProcessPlus: through 1.11.6507.0. |