Vulnerabilities (CVE)

Filtered by CWE-798
Total 1270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-0329 1 Cisco 1 Wide Area Application Services 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration ('running-config') or the startup configuration ('startup-config'). Cisco Bug IDs: CSCvi40137.
CVE-2017-12726 1 Smiths-medical 1 Medfusion 4000 Wireless Syringe Infusion Pump 2024-02-28 7.5 HIGH 7.3 HIGH
A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module.
CVE-2018-12526 1 Telesquare 4 Sdt-cs3b1, Sdt-cs3b1 Firmware, Sdt-cw3b1 and 1 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
CVE-2018-5551 1 Docutracinc 1 Dtisqlinstaller 2024-02-28 10.0 HIGH 10.0 CRITICAL
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa.
CVE-2018-12924 1 Eztcp 16 Cie-h10, Cie-h10 Firmware, Cie-h12 and 13 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service.
CVE-2017-17540 1 Fortinet 1 Fortiwlc 2024-02-28 10.0 HIGH 9.8 CRITICAL
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.
CVE-2018-5552 1 Docutracinc 1 Dtisqlinstaller 2024-02-28 2.1 LOW 3.3 LOW
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper".
CVE-2014-3205 1 Seagate 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
CVE-2017-1204 1 Ibm 1 Tealeaf Customer Experience 2024-02-28 7.5 HIGH 9.8 CRITICAL
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740.
CVE-2016-3953 1 Web2py 1 Web2py 2024-02-28 7.5 HIGH 9.8 CRITICAL
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.
CVE-2014-3413 1 Juniper 1 Junos Space 2024-02-28 10.0 HIGH 9.8 CRITICAL
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.
CVE-2015-9254 1 Datto 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
Datto ALTO and SIRIS devices have a default VNC password.
CVE-2018-12323 1 Apollotechnologiesinc 2 Momentum Axel 720p, Momentum Axel 720p Firmware 2024-02-28 7.2 HIGH 6.8 MEDIUM
An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console.
CVE-2018-10813 1 Aprendecondedos 1 Dedos-web 2024-02-28 7.5 HIGH 7.3 HIGH
In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation.
CVE-2018-5797 1 Extremenetworks 1 Extremewireless Wing 2024-02-28 3.3 LOW 7.5 HIGH
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.
CVE-2018-11635 1 Dialogic 1 Powermedia Xms 2024-02-28 7.5 HIGH 9.8 CRITICAL
Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.
CVE-2017-14006 1 Ge 1 Xeleris 2024-02-28 7.5 HIGH 9.8 CRITICAL
GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.
CVE-2018-11641 1 Dialogic 1 Powermedia Xms 2024-02-28 7.5 HIGH 9.8 CRITICAL
Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service.
CVE-2018-7047 1 Wowza 1 Streaming Engine 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).
CVE-2018-8870 1 Medtronic 4 24950 Mycarelink Monitor, 24950 Mycarelink Monitor Firmware, 24952 Mycarelink Monitor and 1 more 2024-02-28 7.2 HIGH 6.8 MEDIUM
Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.