Total
1530 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36612 | 1 Totolink | 2 A950rg, A950rg Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36611 | 1 Totolink | 2 A800r, A800r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36610 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36560 | 1 Seiko-sol | 2 Skybridge Mb-a200, Skybridge Mb-a200 Firmware | 2024-11-21 | 9.8 Critical |
| Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh. | ||||
| CVE-2022-36558 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-11-21 | 9.8 Critical |
| Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg. | ||||
| CVE-2022-36171 | 1 Mapgis | 1 Mapgis Igserver | 2024-11-21 | 8.1 High |
| MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. | ||||
| CVE-2022-36170 | 1 Mapgis | 1 Igserver | 2024-11-21 | 8.8 High |
| MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. | ||||
| CVE-2022-35866 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139. | ||||
| CVE-2022-35857 | 1 Kvf-admin Project | 1 Kvf-admin | 2024-11-21 | 9.8 Critical |
| kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file. | ||||
| CVE-2022-35734 | 1 Hjholdings | 1 Hulu | 2024-11-21 | 7.5 High |
| 'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | ||||
| CVE-2022-35582 | 1 Pentasecurity | 1 Wapples | 2024-11-21 | 8.8 High |
| Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control. | ||||
| CVE-2022-35540 | 1 Dotnetcore | 1 Agileconfig | 2024-11-21 | 9.8 Critical |
| Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. | ||||
| CVE-2022-35491 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. | ||||
| CVE-2022-35413 | 1 Pentasecurity | 1 Wapples | 2024-11-21 | 9.8 Critical |
| WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001. | ||||
| CVE-2022-35287 | 1 Ibm | 1 Security Verify Information Queue | 2024-11-21 | 7.5 High |
| IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817. | ||||
| CVE-2022-34993 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | 9.8 Critical |
| Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample. | ||||
| CVE-2022-34907 | 1 Filewave | 1 Filewave | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform. | ||||
| CVE-2022-34906 | 1 Filewave | 1 Filewave | 2024-11-21 | 7.5 High |
| A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests. | ||||
| CVE-2022-34425 | 1 Dell | 1 Enterprise Sonic Distribution | 2024-11-21 | 7.5 High |
| Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | ||||
| CVE-2022-34151 | 1 Omron | 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more | 2024-11-21 | 8.1 High |
| Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. | ||||