CWE:

	Topic	Date	Author
High	SAP Wily Introscope Enterprise Default Hard-Coded Credentials	15.06.2021	Yvan Genuer
Med.	CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed	27.05.2021	Jim Becher
High	Barco wePresent Global Hardcoded Root SSH Password	21.11.2020	Jim Becher
Med.	Barco wePresent Hardcoded API Credentials	21.11.2020	Jim Becher
High	Heatmiser Netmonitor 3.03 Hardcoded Credentials	31.12.2019	Ismail Tasdelen
Med.	Fortinet FortiRecorder 2.7.3 Hardcoded Password	08.08.2019	XORcat
High	HPE VAN SDN 2.7.18.0503 Remote Root	28.06.2018	KoreLogic
High	HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root	27.06.2018	Matthew Bergin
High	Solarwinds LEM 6.3.1 Hardcoded Credentials	25.04.2017	Matt Bergin
High	Cisco Firepower Threat Management Console Hard-Coded MySQL Credentials	06.10.2016	Matt Bergin
High	AVer Information EH6108H+ Authentication Bypass / Inforation Exposure	28.09.2016	Multiple
High	Seagate GoFlex Satellite Remote Telnet Default Password	19.12.2015	Matt Bergin
High	ZTE ZXHN H108N R1A / ZXV10 W300 Traversal / Disclosure / Authorization	21.11.2015	Karn Ganeshen
High	SAP NetWeaver AS FKCDBFTRACE ABAP Hardcoded Credentials	10.09.2015	Rustem Gazizov, Diana ...
High	SAP NetWeaver AS LSCT1I13 ABAP Hardcoded Credentials	10.09.2015	Rustem Gazizov, Diana ...
High	AirLink101 SkyIPCam1620W OS Command Injection	09.07.2015	CORE
Low	SAP FI Manager Self-Service Hardcoded Username	30.07.2014	Onapsis
Med.	SAP Hard-Coded Credentials	07.06.2014	Ezequiel Gutesman
High	ZTE ZXV10 W300 router contains hardcoded credentials	09.02.2014	USCERT
Med.	Franklin Fuelings T550 Evo Access Control / Credentials	22.01.2014	Matt Jakubowski
High	TP-Link IP Cameras multiple vulnerabilities	28.05.2013	CORE
High	Zavio IP Cameras multiple vulnerabilities	28.05.2013	CORE
High	D-Link IP Cameras Injection & Bypass	30.04.2013	CORE

---

CVEMAP Search Results

CVE

Details

Description

2024-04-10

CVE-2024-31873

Updating...

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.

2024-04-04

CVE-2024-3272

Updating...

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

2024-03-20

CVE-2024-2197

Updating...

Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access.

2024-02-20

CVE-2024-1661

Updating...

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

2024-02-15

CVE-2023-6255

Updating...

Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable.This issue affects SoliPay Mobile App: before 5.0.8.

2024-02-14

CVE-2023-6409

Updating...

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.

2024-02-13

CVE-2024-23816

Updating...

A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application.

2024-02-10

CVE-2024-22313

Updating...

IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.

2023-12-20

CVE-2023-47704

Updating...

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.

2023-12-12

CVE-2023-36647

Updating...

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.

 

---

Copyright 2024, cxsecurity.com