Total
1267 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-23816 | 1 Siemens | 1 Location Intelligence | 2024-10-22 | N/A | 9.8 CRITICAL |
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application. | |||||
CVE-2023-47213 | 1 C-first | 56 Cfr-1004ea, Cfr-1004ea Firmware, Cfr-1008ea and 53 more | 2024-10-21 | N/A | 9.8 CRITICAL |
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround. | |||||
CVE-2024-4740 | 1 Moxa | 1 Mxsecurity | 2024-10-18 | N/A | 7.5 HIGH |
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data. | |||||
CVE-2024-10025 | 2024-10-18 | N/A | 9.1 CRITICAL | ||
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password. | |||||
CVE-2024-48192 | 2024-10-18 | N/A | 8.0 HIGH | ||
Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root | |||||
CVE-2024-45275 | 2 Helmholz, Mbconnectline | 4 Rex 100, Rex 100 Firmware, Mbnet.mini and 1 more | 2024-10-17 | N/A | 9.8 CRITICAL |
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. | |||||
CVE-2024-28987 | 1 Solarwinds | 1 Web Help Desk | 2024-10-16 | N/A | 9.1 CRITICAL |
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. | |||||
CVE-2024-45698 | 1 Dlink | 2 Dir-x4860, Dir-x4860 Firmware | 2024-10-15 | N/A | 9.8 CRITICAL |
Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. | |||||
CVE-2023-48392 | 1 Kaifa | 1 Webitr Attendance System | 2024-10-14 | N/A | 9.8 CRITICAL |
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information. | |||||
CVE-2023-49256 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2024-10-10 | N/A | 7.5 HIGH |
It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key. | |||||
CVE-2024-7206 | 2024-10-10 | N/A | N/A | ||
SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware | |||||
CVE-2023-40300 | 1 Netscout | 1 Ngeniuspulse | 2024-10-09 | N/A | 9.8 CRITICAL |
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. | |||||
CVE-2024-8450 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | N/A | 9.8 CRITICAL |
Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges. | |||||
CVE-2024-8449 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | N/A | 6.8 MEDIUM |
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password. | |||||
CVE-2024-8448 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | N/A | 8.8 HIGH |
Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell. | |||||
CVE-2024-28809 | 2024-10-04 | N/A | 8.8 HIGH | ||
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials. | |||||
CVE-2024-28812 | 2024-10-04 | N/A | 8.8 HIGH | ||
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating system (with highest privileges) via an SSH connection. | |||||
CVE-2024-23958 | 1 Autel | 2 Maxicharger Ac Elite Business C50, Maxicharger Ac Elite Business C50 Firmware | 2024-10-03 | N/A | 8.8 HIGH |
Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23196 | |||||
CVE-2024-38281 | 1 Motorola | 2 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware | 2024-10-03 | N/A | 9.8 CRITICAL |
An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. | |||||
CVE-2024-43423 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2024-10-01 | N/A | 9.8 CRITICAL |
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. |