Total: 1101 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28897 | 1 Skoda-auto | 2 Superb 3, Superb 3 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | |||||
CVE-2024-22769 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-02-05 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | |||||
CVE-2023-50124 | 1 Flient | 2 Smart Lock Advanced, Smart Lock Advanced Firmware | 2024-02-05 | N/A | 6.8 MEDIUM |
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner. | |||||
CVE-2023-47213 | 1 C-first | 56 Cfr-1004ea, Cfr-1004ea Firmware, Cfr-1008ea and 53 more | 2024-02-05 | N/A | 9.8 CRITICAL |
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround. | |||||
CVE-2023-48388 | 1 Multisuns | 2 Easylog Web+, Easylog Web+ Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. | |||||
CVE-2023-36651 | 1 Prolion | 1 Cryptospike | 2024-02-05 | N/A | 7.2 HIGH |
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | |||||
CVE-2023-48250 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b (0608842012), Nexo Cordless Nutrunner Nxa011s-36v (0608842011) and 18 more | 2024-02-05 | N/A | 9.8 CRITICAL |
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. | |||||
CVE-2024-22770 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-02-05 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | |||||
CVE-2023-48053 | 1 Archerydms | 1 Archery | 2024-02-05 | N/A | 7.5 HIGH |
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. | |||||
CVE-2023-44296 | 1 Dell | 1 E-lab Navigator | 2024-02-05 | N/A | 5.5 MEDIUM |
Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information. | |||||
CVE-2024-23687 | 1 Openlibraryfoundation | 1 Mod-data-export-spring | 2024-02-05 | N/A | 9.1 CRITICAL |
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allow unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines. | |||||
CVE-2024-24324 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | |||||
CVE-2023-48055 | 1 Superagi | 1 Superagi | 2024-02-05 | N/A | 7.5 HIGH |
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. | |||||
CVE-2023-49256 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2024-02-05 | N/A | 7.5 HIGH |
It is possible to download the configuration backup without authorization and decrypt included passwords using a hardcoded static key. | |||||
CVE-2023-40719 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-02-05 | N/A | 5.5 MEDIUM |
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. | |||||
CVE-2024-23619 | 1 Ibm | 1 Merge Efilm Workstation | 2024-02-05 | 10.0 HIGH | 9.8 CRITICAL |
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. | |||||
CVE-2023-49228 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-02-05 | N/A | 6.4 MEDIUM |
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root. | |||||
CVE-2023-46919 | 1 Fedirtsapana | 2 Simple Http Server, Simple Http Server Plus | 2024-02-05 | N/A | 6.3 MEDIUM |
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmission. | |||||
CVE-2023-49253 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Root user password is hardcoded into the device and cannot be changed in the user interface. | |||||
CVE-2023-6482 | 1 Synaptics | 1 Fingerprint Driver | 2024-02-05 | N/A | 5.2 MEDIUM |
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. |