Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-10179

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-30 Jan, 2017 | 04:24
Updated At-06 Aug, 2024 | 03:14
Rejected At-
Credits

An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:30 Jan, 2017 | 04:24
Updated At:06 Aug, 2024 | 03:14
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
x_refsource_MISC
http://www.securityfocus.com/bid/95877
vdb-entry
x_refsource_BID
Hyperlink: https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/95877
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/95877
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/95877
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:30 Jan, 2017 | 04:59
Updated At:20 Apr, 2025 | 01:37

An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

D-Link Corporation
dlink
>>dwr-932b_firmware>>02.02eu
cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*
D-Link Corporation
dlink
>>dwr-932b>>-
cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-798Primarynvd@nist.gov
CWE ID: CWE-798
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/95877cve@mitre.org
Third Party Advisory
VDB Entry
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.htmlcve@mitre.org
Exploit
Technical Description
Third Party Advisory
http://www.securityfocus.com/bid/95877af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
Technical Description
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/95877
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
Source: cve@mitre.org
Resource:
Exploit
Technical Description
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/95877
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Technical Description
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

323Records found

CVE-2018-6213
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.10% / 86.29%
||
7 Day CHG~0.00%
Published-20 Jun, 2018 | 16:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-620dir-620_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2017-11436
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 77.09%
||
7 Day CHG~0.00%
Published-19 Jul, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-615n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-20432
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-16.53% / 94.64%
||
7 Day CHG~0.00%
Published-14 Sep, 2020 | 13:41
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-covr-2600r_firmwarecovr-3902_firmwarecovr-2600rcovr-3902n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-51629
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 39.10%
||
7 Day CHG-0.01%
Published-03 May, 2024 | 02:15
Updated-25 Nov, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability

D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the ONVIF API. The issue results from the use of a hardcoded PIN. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21492.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-8300lhv2dcs-8300lhv2_firmwareDCS-8300LHV2DCS-8300LHV2
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-5074
Matching Score-6
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-6
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-92.44% / 99.72%
||
7 Day CHG+0.21%
Published-20 Sep, 2023 | 15:32
Updated-24 Sep, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass in D-Link D-View 8

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28

Action-Not Available
Vendor-D-Link Corporation
Product-d-view_8D-View 8d-view_8
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-44411
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-1.16% / 77.74%
||
7 Day CHG+0.04%
Published-03 May, 2024 | 02:13
Updated-07 Aug, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability

D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InstallApplication class. The class contains a hard-coded password for the remotely reachable database. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19553.

Action-Not Available
Vendor-D-Link Corporation
Product-d-view_8D-Viewd-view
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-39615
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.20% / 83.77%
||
7 Day CHG~0.00%
Published-23 Aug, 2021 | 21:21
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsr-500ndsr-500n_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-21818
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.59%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 10:24
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-3040_firmwaredir-3040D-Link
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-21913
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.69% / 70.87%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 14:48
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-3040_firmwaredir-3040D-Link
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-21820
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-2.00% / 82.93%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 10:24
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-3040_firmwaredir-3040D-Link
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2017-8415
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.94% / 85.91%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 20:13
Updated-05 Aug, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the user at address 0x000538E0 and performs a strcmp at address 0x00053908 to check if the password is correct or incorrect. However, the /etc/shadow file is a part of CRAM-FS filesystem which means that the user cannot change the password and hence a hardcoded hash in /etc/shadow is used to match the credentials provided by the user. This is a salted hash of the string "admin" and hence it acts as a password to the device which cannot be changed as the whole filesystem is read only.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dcs-1100dcs-1130dcs-1100_firmwaredcs-1130_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-35724
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.70%
||
7 Day CHG+0.01%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability

D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The server program contains hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20050.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-6045
Matching Score-6
Assigner-TWCERT/CC
ShareView Details
Matching Score-6
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-7.89% / 91.68%
||
7 Day CHG+0.27%
Published-17 Jun, 2024 | 03:12
Updated-01 Aug, 2024 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link router - Hidden Backdoor

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.

Action-Not Available
Vendor-D-Link Corporation
Product-G415M30R03G403R32R18G416E15M32E30R15R04M60R12M18e15_firmwareg403_firmwaree30_firmware
CWE ID-CWE-912
Hidden Functionality
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2016-10125
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.49%
||
7 Day CHG~0.00%
Published-09 Jan, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dgs-1100-24dgs-1100-08pdgs-1100_firmwaredgs-1100-10mpdgs-1100-18dgs-1100-05dgs-1100-26mpdgs-1100-16dgs-1100-24pdgs-1100-26dgs-1100-05pddgs-1100-10mppdgs-1100-08n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2016-10177
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.06% / 95.27%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 04:24
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dwr-932b_firmwaredwr-932bn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2015-7246
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-33.10% / 96.75%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dvg-n5402sp_firmwaredvg-n5402spn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-29778
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-25.24% / 95.98%
||
7 Day CHG~0.00%
Published-03 Jun, 2022 | 20:19
Updated-28 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-890l_firmwaredir-890ln/adir-890l_firmware
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-41616
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.82% / 73.38%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 00:00
Updated-07 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-300_firmwaredir-300n/adir-300_firmware
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-41610
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.47%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-n/adir-820lw_firmware
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-37630
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.54%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 00:00
Updated-29 May, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-605l_firmwaredir-605ln/adir-605l_firmware
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-45698
Matching Score-6
Assigner-TWCERT/CC
ShareView Details
Matching Score-6
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.12%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 06:52
Updated-15 Oct, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link WiFi router - OS Command Injection

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-x4860_firmwaredir-x4860DIR-X4860 A1dir-4860_a1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-20132
Matching Score-6
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-6
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-0.47% / 63.61%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 21:30
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0).

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-2640-usdir-2640-us_firmwareQuagga Services on D-Link DIR-2640 Routers
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-9279
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 83.84%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 22:41
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsl-2640bdsl-2640b_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-32274
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.6||HIGH
EPSS-0.10% / 28.58%
||
7 Day CHG~0.00%
Published-20 Jun, 2023 | 19:38
Updated-06 Dec, 2024 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Enphase Installer Toolkit Android App Use of Hard-coded Credentials

Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information.

Action-Not Available
Vendor-enphaseEnphase
Product-installer_toolkitEnphase Installer Toolkit
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-35252
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Common Key Vulnerability in Serv-U FTP Server

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-serv-uServ-U FTP Server
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-287
Improper Authentication
CVE-2020-16170
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.06%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:16
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors.

Action-Not Available
Vendor-robotemin/a
Product-temin/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-34812
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.22% / 44.41%
||
7 Day CHG~0.00%
Published-18 Jun, 2021 | 03:00
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-calendarSynology Calendar
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-32077
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-59.99% / 98.19%
||
7 Day CHG~0.00%
Published-24 Aug, 2023 | 21:23
Updated-02 Oct, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netmaker has Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.

Action-Not Available
Vendor-gravitlgravitl
Product-netmakernetmaker
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-14474
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.42% / 79.82%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 18:03
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data.

Action-Not Available
Vendor-cellebriten/a
Product-ufedufed_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-32389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.77%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 20:28
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates.

Action-Not Available
Vendor-isoden/a
Product-swiftn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-33014
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.86%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 16:33
Updated-16 Apr, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
KUKA KR C4 - Use of Hard-Coded Credentials

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.

Action-Not Available
Vendor-kukaKUKA
Product-ksskr_c4kr_c4_firmwareKSS (KUKA.SystemSoftware)KR C4
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-13414
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.16%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 20:48
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.

Action-Not Available
Vendor-n/aAviatrix Systems, Inc.
Product-gatewaycontrollern/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-14099
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.95%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 17:52
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.

Action-Not Available
Vendor-n/aXiaomi
Product-ax1800rm1800rm1800_firmwareax1800_firmwareXiaomi Router AX1800,Xiaomi Rourer RM1800
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-30351
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 00:00
Updated-27 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-cp3_firmwarecp3n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2020-12789
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.97%
||
7 Day CHG~0.00%
Published-14 Sep, 2020 | 13:24
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.

Action-Not Available
Vendor-microchipn/a
Product-atsama5d36a-curatsama5d28c-ld2g-cuatsama5d43b-cur_firmwareatsama5d42b-curatsama5d27c-d5m-cur_firmwareatsama5d34a-cuatsama5d44a-curatsama5d28c-cn_firmwareatsama5d22c-cnratsama5d26c-curatsama5d35a-cu_firmwareatsama5d21c-cur_firmwareatsama5d27c-ld2g-cur_firmwareatsama5d27-som1atsama5d41a-cu_firmwareatsama5d36a-cur_firmwareatsama5d23c-cur_firmwareatsama5d28c-cu_firmwareatsama5d23c-cuatsama5d27c-d5m-curatsama5d31a-cfuatsama5d27c-cnvaoatsama5d41b-cuatsama5d28c-ld1g-cur_firmwareatsama5d21c-cuatsama5d26c-cn_firmwareatsama5d41a-cuatsama5d28c-ld2g-cu_firmwareatsama5d42a-cuatsama5d43a-cuatsama5d33a-cu_firmwareatsama5d36a-cuatsama5d27c-d1g-cu_firmwareatsama5d43b-cu_firmwareatsama5d34a-cur_firmwareatsama5d22c-cnr_firmwareatsama5d225c-d1m-cur_firmwareatsama5d43b-curatsama5d27c-cnatsama5d33a-cuatsama5d42b-cu_firmwareatsama5d23c-cnr_firmwareatsama5d44b-cu_firmwareatsama5d31a-cuatsama5d27c-cur_firmwareatsama5d27-wlsom1_firmwareatsama5d23c-curatsama5d24c-cuf_firmwareatsama5d28c-cuatsama5d34a-cu_firmwareatsama5d28c-curatsama5d43a-cur_firmwareatsama5d27c-ld2g-cu_firmwareatsama5d24c-cuatsama5d27c-cnrvao_firmwareatsama5d33a-cur_firmwareatsama5d24c-cur_firmwareatsama5d28c-cnratsama5d28c-ld1g-cu_firmwareatsama5d27c-curatsama5d21c-curatsama5d27c-d5m-cu_firmwareatsama5d35a-cnr_firmwareatsama5d42b-cuatsama5d36a-cnr_firmwareatsama5d24c-cufatsama5d44b-cuatsama5d27c-cn_firmwareatsama5d35a-cn_firmwareatsama5d42a-curatsama5d24c-cu_firmwareatsama5d27c-cnvao_firmwareatsama5d27c-cnratsama5d27c-ld1g-curatsama5d27c-ld2g-curatsama5d44a-cur_firmwareatsama5d27c-ld1g-cu_firmwareatsama5d225c-d1m-curatsama5d28c-ld1g-cuatsama5d27c-d1g-cuatsama5d28c-ld1g-curatsama5d22c-cur_firmwareatsama5d24c-curatsama5d28c-ld2g-cur_firmwareatsama5d44b-cur_firmwareatsama5d41b-cu_firmwareatsama5d41a-curatsama5d27c-d5m-cuatsama5d43a-curatsama5d26c-cnatsama5d31a-cfu_firmwareatsama5d36a-cn_firmwareatsama5d21c-cu_firmwareatsama5d31a-cfur_firmwareatsama5d36a-cnratsama5d27-som1_firmwareatsama5d41b-curatsama5d33a-curatsama5d26c-cnratsama5d27c-cnrvaoatsama5d41a-cur_firmwareatsama5d44a-cuatsama5d26c-cu_firmwareatsama5d35a-cnratsama5d22c-cu_firmwareatsama5d23c-cn_firmwareatsama5d23c-cnratsama5d31a-curatsama5d36a-cnatsama5d27c-ld2g-cuatsama5d22c-cuatsama5d27c-d1g-cur_firmwareatsama5d28c-ld2g-curatsama5d41b-cur_firmwareatsama5d43b-cuatsama5d36a-cu_firmwareatsama5d27c-ld1g-cur_firmwareatsama5d26c-cur_firmwareatsama5d42a-cu_firmwareatsama5d31a-cu_firmwareatsama5d27c-cnr_firmwareatsama5d22c-cn_firmwareatsama5d28c-d1g-cuatsama5d22c-curatsama5d28c-d1g-cur_firmwareatsama5d26c-cuatsama5d27c-cu_firmwareatsama5d31a-cfuratsama5d43a-cu_firmwareatsama5d35a-cur_firmwareatsama5d35a-curatsama5d23c-cnatsama5d26c-cnr_firmwareatsama5d23c-cu_firmwareatsama5d28c-cnr_firmwareatsama5d28c-cur_firmwareatsama5d28c-d1g-cu_firmwareatsama5d35a-cnatsama5d22c-cnatsama5d27c-d1g-curatsama5d27-wlsom1atsama5d44b-curatsama5d42a-cur_firmwareatsama5d27c-cuatsama5d34a-curatsama5d44a-cu_firmwareatsama5d28c-d1g-curatsama5d42b-cur_firmwareatsama5d31a-cur_firmwareatsama5d35a-cuatsama5d27c-ld1g-cuatsama5d28c-cnn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-12110
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.08% / 76.98%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 13:49
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-nc200_firmwarenc220nc450_firmwarenc250_firmwarenc260_firmwarenc260nc250nc210nc210_firmwarenc200nc230nc450nc230_firmwarenc220_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-11719
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.34%
||
7 Day CHG~0.00%
Published-23 Dec, 2020 | 16:02
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key.

Action-Not Available
Vendor-bilancn/a
Product-bilancn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-11487
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.66%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationIntel Corporation
Product-bmc_firmwaredgx_a100dgx-1dgx-2NVIDIA DGX Servers
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-11615
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.66%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationIntel Corporation
Product-bmc_firmwaredgx-1NVIDIA DGX Servers
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-10270
Matching Score-4
Assigner-Alias Robotics S.L.
ShareView Details
Matching Score-4
Assigner-Alias Robotics S.L.
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.43%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 04:50
Updated-17 Sep, 2024 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RVD#2557: Hardcoded Credentials on MiRX00 Control Dashboard

Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000.

Action-Not Available
Vendor-enabled-roboticsaliasroboticsmobile-industrial-roboticsuvd-robotsMobile Industrial Robots A/S
Product-er200mir250_firmwareer200_firmwareer-flex_firmwaremir500mir100_firmwareuvd_robots_firmwareer-oneer-lite_firmwaremir1000_firmwaremir500_firmwaremir200_firmwareer-liteer-flexer-one_firmwareuvd_robotsmir100mir200mir1000mir250MiR100
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-10269
Matching Score-4
Assigner-Alias Robotics S.L.
ShareView Details
Matching Score-4
Assigner-Alias Robotics S.L.
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 53.25%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 05:05
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Point

One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000.

Action-Not Available
Vendor-enabled-roboticsaliasroboticsmobile-industrial-roboticsuvd-robotsMobile Industrial Robots A/S
Product-er200mir250_firmwareer200_firmwareer-flex_firmwaremir500mir200mir100_firmwareuvd_robots_firmwareer-oneer-lite_firmwaremir1000_firmwaremir500_firmwareer-liteer-flexer-one_firmwareuvd_robotsmir100mir200_firmwaremir1000mir250MiR100
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-9975
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.30% / 78.90%
||
7 Day CHG~0.00%
Published-11 Apr, 2019 | 18:08
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key.

Action-Not Available
Vendor-dasannetworksn/a
Product-h660rm_firmwareh660rmn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-30165
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.94%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 03:07
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EDIMAX Technology Co., Ltd. HD Wireless Day & Night Network Camera IC-3140W - Hard-coded password

The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices.

Action-Not Available
Vendor-Edimax Technology Company Ltd.
Product-ic-3140wic-3140w_firmwareIC-3140W
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-32988
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.23% / 46.05%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 07:37
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered.

Action-Not Available
Vendor-i-plug inc.iplug
Product-'OfferBox' App for Android'OfferBox' App for iOSofferbox_app_for_iosofferbox_app_for_android
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-29691
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 20.52%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 15:10
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-security_identity_managersolarislinux_kernelwindowsaixSecurity Identity Manager
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27167
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 44.08%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:36
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-29966
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.06%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 04:53
Updated-04 Feb, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
hard-coded credentials in the documentation that appear as the appliance root password

Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.

Action-Not Available
Vendor-Broadcom Inc.Brocade Communications Systems, Inc. (Broadcom Inc.)
Product-brocade_sannavBrocade SANnav sannav
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-5137
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.13%
||
7 Day CHG~0.00%
Published-25 Feb, 2020 | 15:38
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-awk-3131aawk-3131a_firmwareMoxa
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-4327
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.35%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 18:13
Updated-04 Aug, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-appscan"HCL AppScan Enterprise Edition"
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2014-5434
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 47.95%
||
7 Day CHG~0.00%
Published-26 Mar, 2019 | 14:59
Updated-06 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.

Action-Not Available
Vendor-Baxter International, Inc.
Product-sigma_spectrum_infusion_system_firmwaresigma_spectrum_infusion_systemwireless_battery_moduleSIGMA Spectrum Infusion System
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found