Vulnerabilities (CVE)

Filtered by CWE-798
Total 1270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-37755 1 I-doit 1 I-doit 2024-02-28 N/A 9.8 CRITICAL
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS).
CVE-2023-26219 1 Tibco 4 Hawk, Hawk Distribution For Tibco Silver Fabric, Operational Intelligence Hawk Redtail and 1 more 2024-02-28 N/A 8.8 HIGH
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.
CVE-2023-41713 1 Sonicwall 61 Nsa2700, Nsa3700, Nsa4700 and 58 more 2024-02-28 N/A 7.5 HIGH
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
CVE-2023-34123 1 Sonicwall 2 Analytics, Global Management System 2024-02-28 N/A 7.5 HIGH
Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
CVE-2023-33836 1 Ibm 1 Security Verify Governance 2024-02-28 N/A 9.8 CRITICAL
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.
CVE-2023-46102 1 Boschrexroth 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more 2024-02-28 N/A 8.8 HIGH
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet network of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself.
CVE-2023-39808 1 Nvki 1 Intelligent Broadband Subscriber Gateway 2024-02-28 N/A 9.8 CRITICAL
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service.
CVE-2023-41372 1 Boschrexroth 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more 2024-02-28 N/A 7.8 HIGH
The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair
CVE-2023-42336 1 Netis-systems 2 Wf2409e, Wf2409e Firmware 2024-02-28 N/A 9.8 CRITICAL
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.
CVE-2023-42492 1 Busbaer 1 Eisbaer Scada 2024-02-28 N/A 9.8 CRITICAL
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
CVE-2023-5777 1 Weintek 1 Easybuilder Pro 2024-02-28 N/A 9.8 CRITICAL
Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.
CVE-2023-38024 1 Myspotcam 2 Fhd 2, Fhd 2 Firmware 2024-02-28 N/A 9.8 CRITICAL
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
CVE-2023-31581 1 Dromara 1 Sureness 2024-02-28 N/A 9.8 CRITICAL
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.
CVE-2023-38026 1 Myspotcam 2 Fhd 2, Fhd 2 Firmware 2024-02-28 N/A 9.8 CRITICAL
SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
CVE-2023-33744 1 Teleadapt 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware 2024-02-28 N/A 9.8 CRITICAL
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671.
CVE-2023-37857 1 Phoenixcontact 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more 2024-02-28 N/A 7.2 HIGH
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.
CVE-2022-44612 1 Intel 1 Unison 2024-02-28 N/A 5.5 MEDIUM
Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access.
CVE-2023-41878 1 Metersphere 1 Metersphere 2024-02-28 N/A 9.8 CRITICAL
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-35763 1 Iagona 1 Scrutisweb 2024-02-28 N/A 5.5 MEDIUM
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext.
CVE-2023-45499 1 Vinchin 1 Vinchin Backup And Recovery 2024-02-28 N/A 9.8 CRITICAL
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.