Total
1273 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-4708 | 1 Myscada | 1 Mypro | 2024-08-29 | N/A | 9.8 CRITICAL |
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. | |||||
CVE-2024-8135 | 1 Gotribe | 1 Gotribe | 2024-08-27 | 5.8 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue. | |||||
CVE-2024-8162 | 1 Totolink | 2 T10, T10 Firmware | 2024-08-27 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-36049 | 2024-08-26 | N/A | 6.5 MEDIUM | ||
Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personally identifiable information (PII) and especially payroll data and the ability to impersonate legitimate users with respect to the audit log. | |||||
CVE-2023-41919 | 1 Kiloview | 4 P1, P1 Firmware, P2 and 1 more | 2024-08-22 | N/A | 9.8 CRITICAL |
Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access. | |||||
CVE-2024-8005 | 1 Demozx | 1 Gf Cms | 2024-08-21 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. The patch is named be702ada7cb6fdabc02689d90b38139c827458a5. It is recommended to upgrade the affected component. | |||||
CVE-2024-41161 | 1 Vonets | 28 Vap11ac, Vap11ac Firmware, Vap11g and 25 more | 2024-08-20 | N/A | 9.8 CRITICAL |
Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. These accounts cannot be disabled. | |||||
CVE-2023-49221 | 2024-08-20 | N/A | 7.8 HIGH | ||
Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code. | |||||
CVE-2024-42637 | 2024-08-19 | N/A | 9.8 CRITICAL | ||
H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | |||||
CVE-2024-31798 | 1 Gncchome | 2 Gncc C2, Gncc C2 Firmware | 2024-08-16 | N/A | 6.8 MEDIUM |
Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices | |||||
CVE-2024-3272 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2024-08-14 | 10.0 HIGH | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
CVE-2024-7332 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2024-08-09 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-34219 | 2024-08-08 | N/A | 8.6 HIGH | ||
TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. | |||||
CVE-2024-6890 | 1 Journyx | 1 Journyx | 2024-08-08 | N/A | 8.8 HIGH |
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password. | |||||
CVE-2024-7170 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2024-08-08 | 2.7 LOW | 8.8 HIGH |
A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-7155 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-08 | 1.0 LOW | 4.7 MEDIUM |
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-41616 | 1 Dlink | 2 Dir-300, Dir-300 Firmware | 2024-08-07 | N/A | 9.8 CRITICAL |
D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. | |||||
CVE-2024-38466 | 1 Guoxinled | 1 Synthesis Image System | 2024-08-07 | N/A | 9.8 CRITICAL |
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password. | |||||
CVE-2024-41689 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-08-05 | N/A | 4.6 MEDIUM |
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WPA/ WPS credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to bypass WPA/ WPS and gain access to the Wi-Fi network of the targeted system. | |||||
CVE-2024-41611 | 2024-08-01 | N/A | 9.8 CRITICAL | ||
In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands. |