Total: 1270 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22769 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | |||||
CVE-2023-33413 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2024-02-28 | N/A | 8.8 HIGH |
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. | |||||
CVE-2023-49253 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Root user password is hardcoded into the device and cannot be changed in the user interface. | |||||
CVE-2023-50974 | 1 Appwrite | 1 Command Line Interface | 2024-02-28 | N/A | 5.5 MEDIUM |
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials. | |||||
CVE-2023-6409 | | | 2024-02-28 | N/A | 7.7 HIGH |
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. | |||||
CVE-2023-46711 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-02-28 | N/A | 4.6 MEDIUM |
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user. | |||||
CVE-2023-36651 | 1 Prolion | 1 Cryptospike | 2024-02-28 | N/A | 7.2 HIGH |
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | |||||
CVE-2023-40236 | 1 Pexip | 1 Virtual Meeting Rooms | 2024-02-28 | N/A | 5.3 MEDIUM |
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. | |||||
CVE-2023-23324 | 1 Zumtobel | 2 Netlink Ccd, Netlink Ccd Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. | |||||
CVE-2024-22772 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | |||||
CVE-2023-48055 | 1 Superagi | 1 Superagi | 2024-02-28 | N/A | 7.5 HIGH |
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. | |||||
CVE-2023-28895 | 1 Preh | 2 Mib3, Mib3 Firmware | 2024-02-28 | N/A | 6.8 MEDIUM |
The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | |||||
CVE-2023-48388 | 1 Multisuns | 2 Easylog Web+, Easylog Web+ Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. | |||||
CVE-2023-47704 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. | |||||
CVE-2023-49228 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-02-28 | N/A | 6.4 MEDIUM |
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root. | |||||
CVE-2024-22853 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | |||||
CVE-2024-23619 | 1 Ibm | 1 Merge Efilm Workstation | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. | |||||
CVE-2023-48374 | 1 Csharp | 1 Cws Collaborative Development Platform | 2024-02-28 | N/A | 6.5 MEDIUM |
SmartStar Software CWS is a web-based integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information. | |||||
CVE-2024-22771 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | |||||
CVE-2023-29064 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-02-28 | N/A | 4.3 MEDIUM |
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts. |