CWE:
 

Topic
Date
Author
High
SAP Wily Introscope Enterprise Default Hard-Coded Credentials
15.06.2021
Yvan Genuer
Med.
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
27.05.2021
Jim Becher
High
Barco wePresent Global Hardcoded Root SSH Password
21.11.2020
Jim Becher
Med.
Barco wePresent Hardcoded API Credentials
21.11.2020
Jim Becher
High
Heatmiser Netmonitor 3.03 Hardcoded Credentials
31.12.2019
Ismail Tasdelen
Med.
Fortinet FortiRecorder 2.7.3 Hardcoded Password
08.08.2019
XORcat
High
HPE VAN SDN 2.7.18.0503 Remote Root
28.06.2018
KoreLogic
High
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
27.06.2018
Matthew Bergin
High
Solarwinds LEM 6.3.1 Hardcoded Credentials
25.04.2017
Matt Bergin
High
Cisco Firepower Threat Management Console Hard-Coded MySQL Credentials
06.10.2016
Matt Bergin
High
AVer Information EH6108H+ Authentication Bypass / Inforation Exposure
28.09.2016
Multiple
High
Seagate GoFlex Satellite Remote Telnet Default Password
19.12.2015
Matt Bergin
High
ZTE ZXHN H108N R1A / ZXV10 W300 Traversal / Disclosure / Authorization
21.11.2015
Karn Ganeshen
High
SAP NetWeaver AS FKCDBFTRACE ABAP Hardcoded Credentials
10.09.2015
Rustem Gazizov, Diana ...
High
SAP NetWeaver AS LSCT1I13 ABAP Hardcoded Credentials
10.09.2015
Rustem Gazizov, Diana ...
High
AirLink101 SkyIPCam1620W OS Command Injection
09.07.2015
CORE
Low
SAP FI Manager Self-Service Hardcoded Username
30.07.2014
Onapsis
Med.
SAP Hard-Coded Credentials
07.06.2014
Ezequiel Gutesman
High
ZTE ZXV10 W300 router contains hardcoded credentials
09.02.2014
USCERT
Med.
Franklin Fuelings T550 Evo Access Control / Credentials
22.01.2014
Matt Jakubowski
High
TP-Link IP Cameras multiple vulnerabilities
28.05.2013
CORE
High
Zavio IP Cameras multiple vulnerabilities
28.05.2013
CORE
High
D-Link IP Cameras Injection & Bypass
30.04.2013
CORE


CVEMAP Search Results

CVE
Details
Description
2022-11-09
Waiting for details
CVE-2021-34577

Updating...
 

 
In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device.

 
2022-10-25
Waiting for details
CVE-2022-29477

Updating...
 

 
An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.

 
Waiting for details
CVE-2022-29889

Updating...
 

 
A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability.

 
2022-10-14
Waiting for details
CVE-2022-38420

Updating...
 

 
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction.

 
2022-10-06
Waiting for details
CVE-2022-39273

Updating...
 

 

 
2022-09-28
Waiting for details
CVE-2022-22522

Updating...
 

 
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.

 
Waiting for details
CVE-2022-28812

Updating...
 

 
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.

 
2022-08-03
Waiting for details
CVE-2022-35866

Updating...
 

 
This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.

 
2022-07-20
Waiting for details
CVE-2022-2107

Updating...
 

 

 
2022-07-17
Medium
CVE-2022-31210

Updating...
 

 
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top