Check CVE Id
Check CWE Id
HPE VAN SDN 2.7.18.0503 Remote Root
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
Solarwinds LEM 6.3.1 Hardcoded Credentials
Cisco Firepower Threat Management Console Hard-Coded MySQL Credentials
AVer Information EH6108H+ Authentication Bypass / Inforation Exposure
Seagate GoFlex Satellite Remote Telnet Default Password
ZTE ZXHN H108N R1A / ZXV10 W300 Traversal / Disclosure / Authorization
SAP NetWeaver AS FKCDBFTRACE ABAP Hardcoded Credentials
Rustem Gazizov, Diana ...
SAP NetWeaver AS LSCT1I13 ABAP Hardcoded Credentials
Rustem Gazizov, Diana ...
AirLink101 SkyIPCam1620W OS Command Injection
SAP FI Manager Self-Service Hardcoded Username
SAP Hard-Coded Credentials
ZTE ZXV10 W300 router contains hardcoded credentials
Franklin Fuelings T550 Evo Access Control / Credentials
TP-Link IP Cameras multiple vulnerabilities
Zavio IP Cameras multiple vulnerabilities
D-Link IP Cameras Injection & Bypass
CVEMAP Search Results
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged.
EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces.
IBM Security Identity Governance and Intelligence 5.2 through 126.96.36.199 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153386.
The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text.
A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1).
An issue was discovered on MOBOTIX S14 MX-V188.8.131.52 devices. There is a default password of meinsm for the admin account.
A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker could exploit this vulnerability by guessing the account name and password to access the CLI. A successful exploit could allow the attacker to reboot the device repeatedly, creating a denial of service (DoS) condition. It is not possible to change the configuration or view sensitive data with this account. Versions prior to DNAC1.2.8 are affected.
LCDS Laquis SCADA prior to version 184.108.40.20650 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges.
A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.
Back to Top