Total
1271 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21426 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
| Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. | |||||
| CVE-2023-24149 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow. | |||||
| CVE-2022-29828 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-02-28 | N/A | 7.5 HIGH |
| Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project file or execute programs illegally. | |||||
| CVE-2022-46637 | 1 Prolink2u | 2 Prs1841, Prs1841 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services. | |||||
| CVE-2023-25823 | 1 Gradio Project | 1 Gradio | 2024-02-28 | N/A | 9.8 CRITICAL |
| Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`), a private SSH key is sent to any user that connects to the Gradio machine, which means that a user could access other users' shared Gradio demos. From there, other exploits are possible depending on the level of access/exposure the Gradio app provides. This issue is patched in version 3.13.1, however, users are recommended to update to 3.19.1 or later where the FRP solution has been properly tested. | |||||
| CVE-2022-45444 | 1 Sewio | 1 Real-time Location System Studio | 2024-02-28 | N/A | 9.8 CRITICAL |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access. | |||||
| CVE-2022-48113 | 1 Totolink | 2 N200re-v5, N200re-v5 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials. | |||||
| CVE-2022-41653 | 1 Daikinlatam | 2 Svmpc1, Svmpc2 | 2024-02-28 | N/A | 9.8 CRITICAL |
| Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system. | |||||
| CVE-2023-22463 | 1 Fit2cloud | 1 Kubepi | 2024-02-28 | N/A | 9.8 CRITICAL |
| KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code. The vulnerability has been fixed in 1.6.3. In the patch, JWT key is specified in app.yml. If the user leaves it blank, a random key will be used. There are no workarounds aside from upgrading. | |||||
| CVE-2023-24022 | 1 Baicells | 5 Nova227, Nova233, Nova243 and 2 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) | |||||
| CVE-2022-34441 | 1 Dell | 1 Emc Secure Connect Gateway Policy Manager | 2024-02-28 | N/A | 9.8 CRITICAL |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | |||||
| CVE-2022-34840 | 1 Buffalo | 18 Hw-450hp-zwe, Hw-450hp-zwe Firmware, Wzr-300hp and 15 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, and WZR-D1100H firmware Ver. 2.00 and earlier. | |||||
| CVE-2023-1269 | 1 Easyappointments | 1 Easyappointments | 2024-02-28 | N/A | 9.8 CRITICAL |
| Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2022-40602 | 1 Zyxel | 2 Lte3301-m209, Lte3301-m209 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. | |||||
| CVE-2023-23132 | 1 Selfwealth | 1 Selfwealth | 2024-02-28 | N/A | 7.5 HIGH |
| Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys. | |||||
| CVE-2022-29830 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-02-28 | N/A | 9.1 CRITICAL |
| Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthenticated attackers may obtain information about project files illegally. | |||||
| CVE-2022-39185 | 1 Exfo | 2 Bv-10, Bv-10 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user. | |||||
| CVE-2022-3927 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-02-28 | N/A | 9.8 CRITICAL |
| The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:* | |||||
| CVE-2022-41157 | 2 Microsoft, Webcash | 2 Windows, Serp Server 2.0 | 2024-02-28 | N/A | 9.8 CRITICAL |
| A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands. | |||||
| CVE-2022-32967 | 1 Realtek | 4 Rtl8111ep-cg, Rtl8111ep-cg Firmware, Rtl8111fp-cg and 1 more | 2024-02-28 | N/A | 2.1 LOW |
| RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information. | |||||