Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32145 | 2024-09-18 | N/A | 8.8 HIGH | ||
| D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-18455. | |||||
| CVE-2024-39585 | 1 Dell | 1 Smartfabric Os10 | 2024-09-17 | N/A | 8.1 HIGH |
| Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure. | |||||
| CVE-2023-37231 | 2024-09-10 | N/A | 9.8 CRITICAL | ||
| Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. | |||||
| CVE-2024-8580 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-10 | 7.6 HIGH | 8.1 HIGH |
| A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-39345 | 1 Adtran | 2 834-5, Sdg Smartos | 2024-09-03 | N/A | 7.2 HIGH |
| AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. NOTE: The vendor states that there is no intended functionality allowing an attacker to execute arbitrary OS Commands with root-level privileges. The vendor also states that this issue was fixed in SmartOS 12.5.5.1. | |||||
| CVE-2024-4708 | 1 Myscada | 1 Mypro | 2024-08-29 | N/A | 9.8 CRITICAL |
| mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. | |||||
| CVE-2023-49963 | 2024-08-22 | N/A | 8.8 HIGH | ||
| DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control. | |||||
| CVE-2024-27488 | 2024-08-22 | N/A | 9.8 CRITICAL | ||
| Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default. | |||||
| CVE-2024-31798 | 1 Gncchome | 2 Gncc C2, Gncc C2 Firmware | 2024-08-16 | N/A | 6.8 MEDIUM |
| Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices | |||||
| CVE-2024-34211 | 2024-08-15 | N/A | 8.8 HIGH | ||
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | |||||
| CVE-2024-28066 | 2024-08-15 | N/A | 8.8 HIGH | ||
| In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). | |||||
| CVE-2024-7332 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2024-08-09 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7170 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2024-08-08 | 2.7 LOW | 8.8 HIGH |
| A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7155 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-08 | 1.0 LOW | 4.7 MEDIUM |
| A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7159 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-08-08 | 4.9 MEDIUM | 8.8 HIGH |
| A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-41616 | 1 Dlink | 2 Dir-300, Dir-300 Firmware | 2024-08-07 | N/A | 9.8 CRITICAL |
| D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. | |||||
| CVE-2024-7216 | 1 Totolink | 2 Lr1200, Lr1200 Firmware | 2024-08-06 | 1.4 LOW | 5.3 MEDIUM |
| A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-38885 | 2024-08-05 | N/A | 7.5 HIGH | ||
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application. | |||||
| CVE-2024-36526 | 2024-08-01 | N/A | 9.8 CRITICAL | ||
| ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. | |||||
| CVE-2024-32210 | 2024-08-01 | N/A | 5.3 MEDIUM | ||
| The LoMag WareHouse Management application version 1.0.20.120 and older were to utilize hard-coded passwords by default for forms and SQL connections. | |||||