CWE:
 

Topic
Date
Author
Med.
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password
27.05.2021
Jim Becher
Low
Barracuda WAF V360 Firmware 8.0.1.014 Grub Password Complexity
07.07.2017
Matt Bergin
High
SAP Hybris E-commerce Suite 5.1.0.3 Hard-Coded Password
17.08.2016
Aleksey Tyurin
High
Lorex ECO DVR Backdoor Account
01.06.2016
Andrew Hofmans
High
LIXIL Satis Toilet Hard-Coded Bluetooth PIN
02.08.2013
Daniel Crowley


CVEMAP Search Results

CVE
Details
Description
2023-06-14
Waiting for details
CVE-2023-3237

Updating...
 

 
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508.

 
2023-05-18
Waiting for details
CVE-2023-2799

Updating...
 

 
A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229376. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 
2023-05-11
Waiting for details
CVE-2023-2645

Updating...
 

 
A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 
2023-05-09
Waiting for details
CVE-2023-29103

Updating...
 

 
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data.

 
2023-02-13
Waiting for details
CVE-2023-0808

Updating...
 

 
A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability.

 
2023-01-18
Waiting for details
CVE-2022-45444

Updating...
 

 

 
2023-01-07
Waiting for details
CVE-2018-25069

Updating...
 

 
A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability.

 
2023-01-01
Waiting for details
CVE-2014-125030

Updating...
 

 
A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The name of the patch is 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a patch to fix this issue. VDB-217154 is the identifier assigned to this vulnerability.

 
2022-12-13
Waiting for details
CVE-2022-41653

Updating...
 

 
Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system.

 
2022-08-05
Waiting for details
CVE-2022-22144

Updating...
 

 
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability.

 

 


Copyright 2023, cxsecurity.com

 

Back to Top