Total
1270 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-23726 | 1 Ubeeinteractive | 2 Ddw365, Ddw365 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit. | |||||
CVE-2023-43870 | 1 Paxton-access | 1 Net2 | 2024-02-28 | N/A | 9.8 CRITICAL |
When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content. | |||||
CVE-2023-48251 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-28 | N/A | 9.8 CRITICAL |
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. | |||||
CVE-2023-47800 | 1 Natus | 2 Neuroworks Eeg, Sleepworks | 2024-02-28 | N/A | 9.8 CRITICAL |
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services. | |||||
CVE-2023-6482 | 1 Synaptics | 1 Fingerprint Driver | 2024-02-28 | N/A | 5.2 MEDIUM |
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | |||||
CVE-2023-48250 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-28 | N/A | 9.8 CRITICAL |
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. | |||||
CVE-2023-36647 | 1 Prolion | 1 Cryptospike | 2024-02-28 | N/A | 7.5 HIGH |
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens. | |||||
CVE-2023-46918 | 1 Fedirtsapana | 1 Simple Http Server Plus | 2024-02-28 | N/A | 4.6 MEDIUM |
Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device. | |||||
CVE-2023-28897 | 1 Skoda-auto | 2 Superb 3, Superb 3 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | |||||
CVE-2024-21764 | 1 Rapidscada | 1 Rapid Scada | 2024-02-28 | N/A | 9.8 CRITICAL |
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | |||||
CVE-2024-22313 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-02-28 | N/A | 7.8 HIGH |
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | |||||
CVE-2024-24324 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | |||||
CVE-2024-23685 | 1 Openlibraryfoundation | 1 Mod-remote-storage | 2024-02-28 | N/A | 5.3 MEDIUM |
Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types. | |||||
CVE-2023-41508 | 1 Superstorefinder | 1 Super Store Finder | 2024-02-28 | N/A | 9.8 CRITICAL |
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel. | |||||
CVE-2023-3262 | 1 Dataprobe | 44 Iboot-pdu4-c20, Iboot-pdu4-c20 Firmware, Iboot-pdu4-n20 and 41 more | 2024-02-28 | N/A | 6.7 MEDIUM |
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records. | |||||
CVE-2023-3264 | 2 Cyberpower, Dataprobe | 45 Powerpanel Server, Iboot-pdu4-c20, Iboot-pdu4-c20 Firmware and 42 more | 2024-02-28 | N/A | 9.8 CRITICAL |
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records. | |||||
CVE-2023-31808 | 1 Technicolor | 2 Tg670, Tg670 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled. | |||||
CVE-2023-42328 | 1 Peppermint | 1 Peppermint | 2024-02-28 | N/A | 8.8 HIGH |
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. | |||||
CVE-2022-3744 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2024-02-28 | N/A | 6.7 MEDIUM |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential. | |||||
CVE-2023-41030 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-02-28 | 5.8 MEDIUM | 9.8 CRITICAL |
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. |