Total
1529 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14376 | 1 Emc | 1 Appsync | 2025-04-20 | N/A |
| EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. | ||||
| CVE-2017-3186 | 1 Acti | 1 Camera Firmware | 2025-04-20 | N/A |
| ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. | ||||
| CVE-2017-3184 | 1 Acti | 1 Camera Firmware | 2025-04-20 | N/A |
| ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186). | ||||
| CVE-2017-5230 | 1 Rapid7 | 1 Nexpose | 2025-04-20 | N/A |
| The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk. | ||||
| CVE-2017-5167 | 1 Binom3 | 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware | 2025-04-20 | N/A |
| An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords. | ||||
| CVE-2017-14143 | 1 Kaltura | 1 Kaltura Server | 2025-04-20 | N/A |
| The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie. | ||||
| CVE-2015-4667 | 1 Xceedium | 1 Xsuite | 2025-04-20 | N/A |
| Multiple hardcoded credentials in Xsuite 2.x. | ||||
| CVE-2017-14115 | 2 Att, Commscope | 3 U-verse Firmware, Arris Nvg589, Arris Nvg599 | 2025-04-20 | N/A |
| The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. | ||||
| CVE-2016-8954 | 1 Ibm | 1 Dashdb Local | 2025-04-20 | N/A |
| IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. | ||||
| CVE-2017-14027 | 1 Korenix | 18 Jetnet5018g Firmware, Jetnet5310g Firmware, Jetnet5428g-2g-2fx Firmware and 15 more | 2025-04-20 | N/A |
| A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access. | ||||
| CVE-2017-3222 | 1 Inmarsat | 1 Amosconnect | 2025-04-20 | 9.8 Critical |
| Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager. | ||||
| CVE-2017-17107 | 1 Zivif | 2 Pr115-204-p-rs, Pr115-204-p-rs Firmware | 2025-04-20 | N/A |
| Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session. | ||||
| CVE-2022-37832 | 1 Mutiny | 1 Mutiny | 2025-04-18 | 9.8 Critical |
| Mutiny 7.2.0-10788 suffers from Hardcoded root password. | ||||
| CVE-2021-35252 | 1 Solarwinds | 1 Serv-u | 2025-04-17 | 7.5 High |
| Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. | ||||
| CVE-2021-22644 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | 7.5 High |
| Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. | ||||
| CVE-2022-36222 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2025-04-16 | 8.4 High |
| Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. | ||||
| CVE-2021-27430 | 1 Ge | 1 Ur Bootloader Binary | 2025-04-16 | 8.4 High |
| GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR. | ||||
| CVE-2021-33014 | 1 Kuka | 3 Kr C4, Kr C4 Firmware, Kss | 2025-04-16 | 8.8 High |
| An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. | ||||
| CVE-2024-22083 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | 6.5 Medium |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks. | ||||
| CVE-2021-23233 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2025-04-16 | 7.3 High |
| Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters. | ||||