Vulnerabilities (CVE)

Filtered by CWE-798
Total 1270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-22769 1 Hitron Systems 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware 2024-02-28 N/A 7.5 HIGH
Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause a network attack when the default admin ID/PW is used.
CVE-2023-33413 1 Supermicro 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more 2024-02-28 N/A 8.8 HIGH
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands.
CVE-2023-49253 1 Hongdian 2 H8951-4g-esp, H8951-4g-esp Firmware 2024-02-28 N/A 9.8 CRITICAL
Root user password is hardcoded into the device and cannot be changed in the user interface.
CVE-2023-50974 1 Appwrite 1 Command Line Interface 2024-02-28 N/A 5.5 MEDIUM
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.
CVE-2023-6409 2024-02-28 N/A 7.7 HIGH
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.
CVE-2023-46711 1 Buffalo 2 Vr-s1000, Vr-s1000 Firmware 2024-02-28 N/A 4.6 MEDIUM
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.
CVE-2023-36651 1 Prolion 1 Cryptospike 2024-02-28 N/A 7.2 HIGH
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials.
CVE-2023-40236 1 Pexip 1 Virtual Meeting Rooms 2024-02-28 N/A 5.3 MEDIUM
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.
CVE-2023-23324 1 Zumtobel 2 Netlink Ccd, Netlink Ccd Firmware 2024-02-28 N/A 9.8 CRITICAL
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account.
CVE-2024-22772 1 Hitron Systems 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware 2024-02-28 N/A 7.5 HIGH
Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause a network attack when the default admin ID/PW is used.
CVE-2023-48055 1 Superagi 1 Superagi 2024-02-28 N/A 7.5 HIGH
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications.
CVE-2023-28895 1 Preh 2 Mib3, Mib3 Firmware 2024-02-28 N/A 6.8 MEDIUM
The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
CVE-2023-48388 1 Multisuns 2 Easylog Web+, Easylog Web+ Firmware 2024-02-28 N/A 9.8 CRITICAL
Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
CVE-2023-47704 3 Ibm, Linux, Microsoft 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more 2024-02-28 N/A 7.5 HIGH
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.
CVE-2023-49228 1 Peplink 2 Balance Two, Balance Two Firmware 2024-02-28 N/A 6.4 MEDIUM
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.
CVE-2024-22853 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2024-02-28 N/A 9.8 CRITICAL
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.
CVE-2024-23619 1 Ibm 1 Merge Efilm Workstation 2024-02-28 10.0 HIGH 9.8 CRITICAL
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.
CVE-2023-48374 1 Csharp 1 Cws Collaborative Development Platform 2024-02-28 N/A 6.5 MEDIUM
SmartStar Software CWS is a web-based integration platform. It has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information.
CVE-2024-22771 1 Hitron Systems 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware 2024-02-28 N/A 7.5 HIGH
Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause a network attack when the default admin ID/PW is used.
CVE-2023-29064 2 Bd, Hp 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 2024-02-28 N/A 4.3 MEDIUM
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.