Total
1109 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32227 | 1 Synel | 2 Synergy\/a, Synergy\/a Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
| Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials | |||||
| CVE-2023-22957 | 1 Audiocodes | 12 405hd, 405hd Firmware, 445hd and 9 more | 2024-02-05 | N/A | 7.5 HIGH |
| An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password. | |||||
| CVE-2023-22429 | 1 Wolt | 1 Wolt Delivery | 2024-02-04 | N/A | 7.8 HIGH |
| Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary. | |||||
| CVE-2022-41397 | 1 Sage | 1 Sage 300 | 2024-02-04 | N/A | 9.8 CRITICAL |
| The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. | |||||
| CVE-2023-24501 | 1 Electra-air | 2 Central Ac Unit, Central Ac Unit Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
| Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit. | |||||
| CVE-2023-30352 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
| Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed. | |||||
| CVE-2023-27512 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2024-02-04 | N/A | 7.2 HIGH |
| Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation. | |||||
| CVE-2023-27921 | 1 Jins | 2 Jins Meme, Jins Meme Firmware | 2024-02-04 | N/A | 6.5 MEDIUM |
| JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker. | |||||
| CVE-2023-37286 | 1 Smartsoft | 1 Smartbpm.net | 2024-02-04 | N/A | 9.8 CRITICAL |
| SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service. | |||||
| CVE-2023-33920 | 1 Siemens | 3 Cp-8031 Master Module, Cp-8050 Master Module, Cpci85 Firmware | 2024-02-04 | N/A | 6.8 MEDIUM |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability. | |||||
| CVE-2022-47617 | 1 Hitrontech | 2 Coda-5310, Coda-5310 Firmware | 2024-02-04 | N/A | 7.2 HIGH |
| Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption. | |||||
| CVE-2022-37255 | 1 Tp-link | 2 Tapo C310, Tapo C310 Firmware | 2024-02-04 | N/A | 7.5 HIGH |
| TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603. | |||||
| CVE-2023-35987 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
| PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. | |||||
| CVE-2023-36623 | 1 Loxone | 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware | 2024-02-04 | N/A | 7.8 HIGH |
| The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges. | |||||
| CVE-2023-2611 | 1 Advantech | 1 R-seenet | 2024-02-04 | N/A | 9.8 CRITICAL |
| Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. | |||||
| CVE-2023-34338 | 1 Ami | 1 Megarac Sp-x | 2024-02-04 | N/A | 9.8 CRITICAL |
| AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | |||||
| CVE-2023-2637 | 1 Rockwellautomation | 2 Factorytalk Policy Manager, Factorytalk System Services | 2024-02-04 | N/A | 8.2 HIGH |
| Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited. | |||||
| CVE-2022-41399 | 1 Sage | 1 Sage 300 | 2024-02-04 | N/A | 7.5 HIGH |
| The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database. | |||||
| CVE-2022-41398 | 1 Sage | 1 Sage 300 | 2024-02-04 | N/A | 7.5 HIGH |
| The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information. | |||||
| CVE-2023-1944 | 1 Kubernetes | 1 Minikube | 2024-02-04 | N/A | 7.8 HIGH |
| This vulnerability enables ssh access to minikube container using a default password. | |||||