Total
1273 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22429 | 1 Wolt | 1 Wolt Delivery | 2024-11-21 | N/A | 7.8 HIGH |
| Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary. | |||||
| CVE-2023-22344 | 1 Dos-osaka | 2 Rakuraku Pc Cloud Agent, Ss1 | 2024-11-21 | N/A | 9.8 CRITICAL |
| Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | |||||
| CVE-2023-21652 | 1 Qualcomm | 240 Aqt1000, Aqt1000 Firmware, Ar8035 and 237 more | 2024-11-21 | N/A | 7.7 HIGH |
| Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. | |||||
| CVE-2023-21524 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | |||||
| CVE-2023-21426 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.3 MEDIUM |
| Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. | |||||
| CVE-2023-20101 | 1 Cisco | 1 Emergency Responder | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. | |||||
| CVE-2023-20038 | 1 Cisco | 1 Industrial Network Director | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director. | |||||
| CVE-2023-1944 | 1 Kubernetes | 1 Minikube | 2024-11-21 | N/A | 8.4 HIGH |
| This vulnerability enables ssh access to minikube container using a default password. | |||||
| CVE-2023-1748 | 1 Getnexx | 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more | 2024-11-21 | N/A | 9.3 CRITICAL |
| The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer. | |||||
| CVE-2023-1269 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.8 CRITICAL |
| Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2023-0808 | 3 Bosswerk, Deyeinverter, Revolt-power | 6 Inverter, Inverter Firmware, Inverter and 3 more | 2024-11-21 | 3.7 LOW | 3.9 LOW |
| A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability. | |||||
| CVE-2023-0391 | 1 Mgt-commerce | 1 Cloudpanel | 2024-11-21 | N/A | 8.1 HIGH |
| MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1. | |||||
| CVE-2022-4780 | 1 Elvexys | 1 Isos Firmware | 2024-11-21 | N/A | 4.5 MEDIUM |
| ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change. | |||||
| CVE-2022-4611 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability. | |||||
| CVE-2022-4333 | 1 Sprecher-automation | 18 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p Dl6-1 and 15 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines. | |||||
| CVE-2022-48113 | 1 Totolink | 2 N200re-v5, N200re-v5 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials. | |||||
| CVE-2022-48067 | 1 Totolink | 2 A830r, A830r Firmware | 2024-11-21 | N/A | 5.5 MEDIUM |
| An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack. | |||||
| CVE-2022-47891 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function. | |||||
| CVE-2022-47618 | 1 Meritlilin | 4 Ah55b04, Ah55b04 Firmware, Ah55b08 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service. | |||||
| CVE-2022-47617 | 1 Hitrontech | 2 Coda-5310, Coda-5310 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption. | |||||