Vulnerabilities (CVE)

Filtered by CWE-798
Total 1273 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-33895 1 Hms-networks 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more 2024-09-03 N/A 6.6 MEDIUM
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device.
CVE-2024-39838 1 Zexelon 2 Zwx-2000csw2-hn, Zwx-2000csw2-hn Firmware 2024-08-30 N/A 8.8 HIGH
ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.
CVE-2024-6633 1 Fortra 1 Filecatalyst Workflow 2024-08-30 N/A 9.8 CRITICAL
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.
CVE-2024-4708 1 Myscada 1 Mypro 2024-08-29 N/A 9.8 CRITICAL
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
CVE-2024-8135 1 Gotribe 1 Gotribe 2024-08-27 5.8 MEDIUM 9.8 CRITICAL
A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue.
CVE-2024-8162 1 Totolink 2 T10, T10 Firmware 2024-08-27 10.0 HIGH 9.8 CRITICAL
A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-36049 2024-08-26 N/A 6.5 MEDIUM
Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personally identifiable information (PII) and especially payroll data and the ability to impersonate legitimate users with respect to the audit log.
CVE-2023-41919 1 Kiloview 4 P1, P1 Firmware, P2 and 1 more 2024-08-22 N/A 9.8 CRITICAL
Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access.
CVE-2024-8005 1 Demozx 1 Gf Cms 2024-08-21 7.5 HIGH 9.8 CRITICAL
A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. The patch is named be702ada7cb6fdabc02689d90b38139c827458a5. It is recommended to upgrade the affected component.
CVE-2024-41161 1 Vonets 28 Vap11ac, Vap11ac Firmware, Vap11g and 25 more 2024-08-20 N/A 9.8 CRITICAL
Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. These accounts cannot be disabled.
CVE-2023-49221 2024-08-20 N/A 7.8 HIGH
Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code.
CVE-2024-42637 2024-08-19 N/A 9.8 CRITICAL
H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2024-31798 1 Gncchome 2 Gncc C2, Gncc C2 Firmware 2024-08-16 N/A 6.8 MEDIUM
Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices
CVE-2024-7332 1 Totolink 2 Cp450, Cp450 Firmware 2024-08-09 10.0 HIGH 9.8 CRITICAL
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-34219 2024-08-08 N/A 8.6 HIGH
TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.
CVE-2024-6890 1 Journyx 1 Journyx 2024-08-08 N/A 8.8 HIGH
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.
CVE-2024-7170 1 Totolink 2 A3000ru, A3000ru Firmware 2024-08-08 2.7 LOW 8.8 HIGH
A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7155 1 Totolink 2 A3300r, A3300r Firmware 2024-08-08 1.0 LOW 4.7 MEDIUM
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-41616 1 Dlink 2 Dir-300, Dir-300 Firmware 2024-08-07 N/A 9.8 CRITICAL
D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.
CVE-2024-38466 1 Guoxinled 1 Synthesis Image System 2024-08-07 N/A 9.8 CRITICAL
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.