Total: 1268 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-41320 | 1 Iongroup | 1 Wallstreet Suite | 2024-08-04 | 2.1 LOW | 5.5 MEDIUM |
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded (it can be changed during installation or at any later time). | |||||
CVE-2021-39615 | 1 Dlink | 2 Dsr-500n, Dsr-500n Firmware | 2024-08-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
CVE-2021-39613 | 1 Dlink | 2 Dvg-3104ms, Dvg-3104ms Firmware | 2024-08-04 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
CVE-2021-36799 | 1 Knx | 1 Engineering Tool Software 5 | 2024-08-04 | 2.1 LOW | 8.8 HIGH |
KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
CVE-2022-47558 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-08-03 | N/A | 9.8 CRITICAL |
Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors. | |||||
CVE-2023-46706 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
Multiple MachineSense devices have credentials unable to be changed by the user or administrator. | |||||
CVE-2024-41611 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands. | |||||
CVE-2024-41610 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands. | |||||
CVE-2024-36480 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC. | |||||
CVE-2024-35338 | 1 Tendacn | 2 I29, I29 Firmware | 2024-08-01 | N/A | 9.8 CRITICAL |
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. | |||||
CVE-2022-30997 | 1 Yokogawa | 4 Stardom Fcj, Stardom Fcj Firmware, Stardom Fcn and 1 more | 2024-08-01 | 9.0 HIGH | 7.2 HIGH |
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware. | |||||
CVE-2022-30271 | 1 Motorola | 2 Ace1000, Ace1000 Firmware | 2024-08-01 | N/A | 9.8 CRITICAL |
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default. | |||||
CVE-2024-0865 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-07-19 | N/A | 7.8 HIGH |
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. | |||||
CVE-2024-5471 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-07-18 | N/A | 9.8 CRITICAL |
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. | |||||
CVE-2023-46685 | 1 Level1 | 2 Wbr-6013, Wbr-6013 Firmware | 2024-07-11 | N/A | 9.8 CRITICAL |
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution. | |||||
CVE-2024-33329 | | | 2024-07-11 | N/A | N/A |
A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information. | |||||
CVE-2024-28747 | | | 2024-07-09 | N/A | 9.8 CRITICAL |
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges. | |||||
CVE-2024-27170 | | | 2024-07-04 | N/A | 7.4 HIGH |
It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL. | |||||
CVE-2024-27168 | | | 2024-07-04 | N/A | 7.1 HIGH |
It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL. | |||||
CVE-2024-27161 | | | 2024-07-04 | N/A | 6.2 MEDIUM |
All the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. |