Vulnerabilities (CVE)

Filtered by CWE-798
Total 1268 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41320 1 Iongroup 1 Wallstreet Suite 2024-08-04 2.1 LOW 5.5 MEDIUM
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded (it can be changed during installation or at any later time).
CVE-2021-39615 1 Dlink 2 Dsr-500n, Dsr-500n Firmware 2024-08-04 10.0 HIGH 9.8 CRITICAL
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2021-39613 1 Dlink 2 Dvg-3104ms, Dvg-3104ms Firmware 2024-08-04 5.0 MEDIUM 9.8 CRITICAL
D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-36799 1 Knx 1 Engineering Tool Software 5 2024-08-04 2.1 LOW 8.8 HIGH
KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2022-47558 1 Ormazabal 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more 2024-08-03 N/A 9.8 CRITICAL
Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors.
CVE-2023-46706 1 Machinesense 2 Feverwarn, Feverwarn Firmware 2024-08-02 N/A 9.8 CRITICAL
Multiple MachineSense devices have credentials that cannot be changed by the user or administrator.
CVE-2024-41611 2024-08-01 N/A 9.8 CRITICAL
In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands.
CVE-2024-41610 2024-08-01 N/A 9.8 CRITICAL
D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands.
CVE-2024-36480 2024-08-01 N/A 9.8 CRITICAL
Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC.
CVE-2024-35338 1 Tendacn 2 I29, I29 Firmware 2024-08-01 N/A 9.8 CRITICAL
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
CVE-2022-30997 1 Yokogawa 4 Stardom Fcj, Stardom Fcj Firmware, Stardom Fcn and 1 more 2024-08-01 9.0 HIGH 7.2 HIGH
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware.
CVE-2022-30271 1 Motorola 2 Ace1000, Ace1000 Firmware 2024-08-01 N/A 9.8 CRITICAL
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default.
CVE-2024-0865 1 Schneider-electric 1 Ecostruxure It Gateway 2024-07-19 N/A 7.8 HIGH
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.
CVE-2024-5471 1 Zohocorp 1 Manageengine Ddi Central 2024-07-18 N/A 9.8 CRITICAL
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover due to hard-coded sensitive keys.
CVE-2023-46685 1 Level1 2 Wbr-6013, Wbr-6013 Firmware 2024-07-11 N/A 9.8 CRITICAL
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution.
CVE-2024-33329 2024-07-11 N/A N/A
A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information.
CVE-2024-28747 2024-07-09 N/A 9.8 CRITICAL
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
CVE-2024-27170 2024-07-04 N/A 7.4 HIGH
It was observed that all the Toshiba printers contain credentials used for WebDAV access in a readable file. It is then possible to get full access to the printer with WebDAV. As for the affected products/models/versions, see the reference URL.
CVE-2024-27168 2024-07-04 N/A 7.1 HIGH
It appears that some hardcoded keys are used for authentication to an internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL.
CVE-2024-27161 2024-07-04 N/A 6.2 MEDIUM
All the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. An insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For details on the other related vulnerabilities, please ask the contact point below: https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.