Vulnerabilities (CVE)

Filtered by CWE-798
Total 1270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23726 1 Ubeeinteractive 2 Ddw365, Ddw365 Firmware 2024-02-28 N/A 8.8 HIGH
Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.
CVE-2023-43870 1 Paxton-access 1 Net2 2024-02-28 N/A 9.8 CRITICAL
When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content.
CVE-2023-48251 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2024-02-28 N/A 9.8 CRITICAL
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account.
CVE-2023-47800 1 Natus 2 Neuroworks Eeg, Sleepworks 2024-02-28 N/A 9.8 CRITICAL
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
CVE-2023-6482 1 Synaptics 1 Fingerprint Driver 2024-02-28 N/A 5.2 MEDIUM
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database.
CVE-2023-48250 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2024-02-28 N/A 9.8 CRITICAL
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts.
CVE-2023-36647 1 Prolion 1 Cryptospike 2024-02-28 N/A 7.5 HIGH
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
CVE-2023-46918 1 Fedirtsapana 1 Simple Http Server Plus 2024-02-28 N/A 4.6 MEDIUM
Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device.
CVE-2023-28897 1 Skoda-auto 2 Superb 3, Superb 3 Firmware 2024-02-28 N/A 9.8 CRITICAL
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
CVE-2024-21764 1 Rapidscada 1 Rapid Scada 2024-02-28 N/A 9.8 CRITICAL
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port.
CVE-2024-22313 1 Ibm 1 Storage Defender Resiliency Service 2024-02-28 N/A 7.8 HIGH
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.
CVE-2024-24324 1 Totolink 2 A8000ru, A8000ru Firmware 2024-02-28 N/A 9.8 CRITICAL
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.
CVE-2024-23685 1 Openlibraryfoundation 1 Mod-remote-storage 2024-02-28 N/A 5.3 MEDIUM
Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types.
CVE-2023-41508 1 Superstorefinder 1 Super Store Finder 2024-02-28 N/A 9.8 CRITICAL
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.
CVE-2023-3262 1 Dataprobe 44 Iboot-pdu4-c20, Iboot-pdu4-c20 Firmware, Iboot-pdu4-n20 and 41 more 2024-02-28 N/A 6.7 MEDIUM
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
CVE-2023-3264 2 Cyberpower, Dataprobe 45 Powerpanel Server, Iboot-pdu4-c20, Iboot-pdu4-c20 Firmware and 42 more 2024-02-28 N/A 9.8 CRITICAL
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
CVE-2023-31808 1 Technicolor 2 Tg670, Tg670 Firmware 2024-02-28 N/A 7.2 HIGH
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled.
CVE-2023-42328 1 Peppermint 1 Peppermint 2024-02-28 N/A 8.8 HIGH
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.
CVE-2022-3744 1 Lenovo 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more 2024-02-28 N/A 6.7 MEDIUM
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.
CVE-2023-41030 1 Juplink 2 Rx4-1500, Rx4-1500 Firmware 2024-02-28 5.8 MEDIUM 9.8 CRITICAL
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.