CWE:
 

Topic
Date
Author
High
SAP Wily Introscope Enterprise Default Hard-Coded Credentials
15.06.2021
Yvan Genuer
Med.
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
27.05.2021
Jim Becher
High
Barco wePresent Global Hardcoded Root SSH Password
21.11.2020
Jim Becher
Med.
Barco wePresent Hardcoded API Credentials
21.11.2020
Jim Becher
High
Heatmiser Netmonitor 3.03 Hardcoded Credentials
31.12.2019
Ismail Tasdelen
Med.
Fortinet FortiRecorder 2.7.3 Hardcoded Password
08.08.2019
XORcat
High
HPE VAN SDN 2.7.18.0503 Remote Root
28.06.2018
KoreLogic
High
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
27.06.2018
Matthew Bergin
High
Solarwinds LEM 6.3.1 Hardcoded Credentials
25.04.2017
Matt Bergin
High
Cisco Firepower Threat Management Console Hard-Coded MySQL Credentials
06.10.2016
Matt Bergin
High
AVer Information EH6108H+ Authentication Bypass / Inforation Exposure
28.09.2016
Multiple
High
Seagate GoFlex Satellite Remote Telnet Default Password
19.12.2015
Matt Bergin
High
ZTE ZXHN H108N R1A / ZXV10 W300 Traversal / Disclosure / Authorization
21.11.2015
Karn Ganeshen
High
SAP NetWeaver AS FKCDBFTRACE ABAP Hardcoded Credentials
10.09.2015
Rustem Gazizov, Diana ...
High
SAP NetWeaver AS LSCT1I13 ABAP Hardcoded Credentials
10.09.2015
Rustem Gazizov, Diana ...
High
AirLink101 SkyIPCam1620W OS Command Injection
09.07.2015
CORE
Low
SAP FI Manager Self-Service Hardcoded Username
30.07.2014
Onapsis
Med.
SAP Hard-Coded Credentials
07.06.2014
Ezequiel Gutesman
High
ZTE ZXV10 W300 router contains hardcoded credentials
09.02.2014
USCERT
Med.
Franklin Fuelings T550 Evo Access Control / Credentials
22.01.2014
Matt Jakubowski
High
TP-Link IP Cameras multiple vulnerabilities
28.05.2013
CORE
High
Zavio IP Cameras multiple vulnerabilities
28.05.2013
CORE
High
D-Link IP Cameras Injection & Bypass
30.04.2013
CORE


CVEMAP Search Results

CVE
Details
Description
2022-05-11
Medium
CVE-2021-38969

Vendor: IBM
Software: Spectrum vir...
 

 
IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609.

 
2022-04-14
Medium
CVE-2021-40390

Vendor: MOXA
Software: Mxview
 

 
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.

 
High
CVE-2021-40422

Updating...
 

 
An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.

 
Low
CVE-2020-25168

Updating...
 

 

 
2022-04-12
Medium
CVE-2022-22560

Vendor: DELL
Software: Emc powersca...
 

 
Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline.

 
2022-04-07
Medium
CVE-2022-26671

Vendor: Secom
Software: Dr.id access...
 

 

 
2022-04-06
Medium
CVE-2022-23440

Vendor: Fortinet
Software: Fortiedr
 

 
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment.

 
Medium
CVE-2022-23441

Vendor: Fortinet
Software: Fortiedr
 

 
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors.

 
2022-04-04
Medium
CVE-2022-1162

Vendor: Gitlab
Software: Gitlab
 

 
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts

 
2022-04-03
Medium
CVE-2021-30064

Updating...
 

 
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).

 

 


Copyright 2022, cxsecurity.com

 

Back to Top