Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-25291

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-07 Jan, 2026 | 23:10
Updated At-08 Jan, 2026 | 19:24
Rejected At-
Credits

INIM Electronics Smartliving SmartLAN/G/SI <=6.x Hard-coded Credentials Vulnerability

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:07 Jan, 2026 | 23:10
Updated At:08 Jan, 2026 | 19:24
Rejected At:
â–¼CVE Numbering Authority (CNA)
INIM Electronics Smartliving SmartLAN/G/SI <=6.x Hard-coded Credentials Vulnerability

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.

Affected Products
Vendor
INIM Electronics s.r.l.
Product
Smartliving SmartLAN/G/SI
Versions
Affected
  • <=6.x
  • 505
  • 515
  • 1050
  • 1050/G3
  • 10100L
  • 10100L/G3
Problem Types
TypeCWE IDDescription
CWECWE-798Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-798
Description: Use of Hard-coded Credentials
Metrics
VersionBase scoreBase severityVector
4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
LiquidWorm as Gjoko Krstic of Zero Science Lab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php
third-party-advisory
https://www.exploit-db.com/exploits/47763
exploit
https://packetstormsecurity.com/files/155618
exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/172838
vdb-entry
https://www.inim.biz/
product
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php
Resource:
third-party-advisory
Hyperlink: https://www.exploit-db.com/exploits/47763
Resource:
exploit
Hyperlink: https://packetstormsecurity.com/files/155618
Resource:
exploit
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/172838
Resource:
vdb-entry
Hyperlink: https://www.inim.biz/
Resource:
product
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:08 Jan, 2026 | 00:15
Updated At:08 Jan, 2026 | 18:08

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-798Primarydisclosure@vulncheck.com
CWE ID: CWE-798
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/172838disclosure@vulncheck.com
N/A
https://packetstormsecurity.com/files/155618disclosure@vulncheck.com
N/A
https://www.exploit-db.com/exploits/47763disclosure@vulncheck.com
N/A
https://www.inim.biz/disclosure@vulncheck.com
N/A
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.phpdisclosure@vulncheck.com
N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/172838
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://packetstormsecurity.com/files/155618
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/47763
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.inim.biz/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

173Records found
CVE-2023-32077
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-86.56% / 99.40%
||
7 Day CHG+1.89%
Published-24 Aug, 2023 | 21:23
Updated-02 Oct, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netmaker has Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.

Action-Not Available
Vendor-gravitlgravitl
Product-netmakernetmaker
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-30351
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.57%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 00:00
Updated-27 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-cp3_firmwarecp3n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-41595
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.73%
||
7 Day CHG~0.00%
Published-18 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.

Action-Not Available
Vendor-vaxilun/a
Product-x-uin/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-20412
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 20.26%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 16:35
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-34034
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.07% / 21.11%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 00:59
Updated-29 Nov, 2025 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
5VTechnologies Blue Angel Software Suite Hardcoded Credentials

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.

Action-Not Available
Vendor-5vtechnologies5VTechnologies
Product-blue_angel_software_suiteBlue Angel Software Suite
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-20748
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.00%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 01:20
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.

Action-Not Available
Vendor-rettyRetty Inc.
Product-rettyRetty App
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-2660
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.28%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 21:26
Updated-16 Apr, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dialinkIndustrial Automation DIALink
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-9289
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.5||HIGH
EPSS-1.02% / 76.90%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 20:12
Updated-25 Oct, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortianalyzerfortimanagerFortinet FortiManager
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-34906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.29%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 20:26
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests.

Action-Not Available
Vendor-filewaven/a
Product-filewaven/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-34425
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.49% / 65.13%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 20:55
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.

Action-Not Available
Vendor-Dell Inc.
Product-enterprise_sonic_distributionEnterprise SONiC OS
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-48055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.77%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 00:00
Updated-29 Aug, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications.

Action-Not Available
Vendor-superagin/a
Product-superagin/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-29827
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 76.78%
||
7 Day CHG~0.00%
Published-24 Nov, 2022 | 23:22
Updated-25 Apr, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gx_works3GX Works3
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-4130
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.99%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 14:01
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded Credentials in PAVO Inc.'s PAVO Pay

Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable.This issue affects PAVO Pay: before 13.05.2025.

Action-Not Available
Vendor-PAVO Inc.
Product-PAVO Pay
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-38741
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.02%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 18:22
Updated-14 Jan, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.

Action-Not Available
Vendor-Dell Inc.
Product-enterprise_sonic_osEnterprise SONiC OS
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-6979
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.69%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 20:21
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g516e_firmwareeds-g516eeds-510e_firmwareeds-510eMoxa EDS-G516E Series firmware, Version 5.2 or lower
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-35296
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.73%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 15:04
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.

Action-Not Available
Vendor-thinkadminn/a
Product-thinkadminn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-35451
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-9.3||CRITICAL
EPSS-0.15% / 36.15%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 17:43
Updated-14 Jan, 2026 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.

Action-Not Available
Vendor-multicam-systemsvaluehdsmtavValueHDSMTAVmultiCAM SystemsPTZOptics
Product-v60xlvx800i2ptvl-zcamba20s_firmwarebx20uhd_firmwarevl_fixed_camera_firmwaremcamii_ptz_firmwarebx20uhd-n_firmwarept20x-ndi-xx_firmwarebv20sbv30spt12x-ndi-xx_firmwarevx60alpt20x-ndi-xxpteptz-ndi-zcam-g2vx60al_firmwareba30s_firmwarev63xlvx90ba12-nvx60asl_firmwareba12svx752a_firmwarevx71uvs_firmwarevx800i2_firmwarevx61baslba20-nvx61basl_firmwarept20x-zcambv30s_firmwarept30x-sdi-xx-g2_firmwareba12-n_firmwarevx630alba12s_firmwarevx751bapt12x-sdi-xx-g2ndi_fixed_camerapt12x-zcampt20x-zcam_firmwarev71uvshd17h-n_firmwarevx61aslpt20x-usb-xx-g2bx20nvx630al_firmwarehd17hv63xl_firmwareba20-n_firmwarept20x-sdi-xx-g2bx20uhd-nv61w_firmwarevx61asl_firmwareba20sbx20n_firmwarept30x-ndi-xxvx752ag_firmwarevx70uvs_firmwarept20x-sdi-xx-g2_firmwarendi_fixed_camera_firmwarept12x-zcam_firmwarev61wpt30x-ndi-xx_firmwarevx70uvsvx752avx720lba30smcamii_ptzvx701ta_firmwarevx752agvl_fixed_camerapt12x-usb-xx-g2_firmwarevx701ra_firmwarepteptz-ndi-zcam-g2_firmwarev71uvs_firmwarept12x-ndi-xxbv20s_firmwarepteptz-zcam-g2bx20uhdbx20s-sh_firmwarebx20s-shvx90_firmwarevx751ba_firmwarept12x-usb-xx-g2ba30-nvx60aslvx71uvsv60xl_firmwarebx30sptvl-zcam_firmwarept20x-usb-xx-g2_firmwarevx61alba30-n_firmwarept12x-sdi-xx-g2_firmwarepteptz-zcam-g2_firmwarevx61al_firmwarevx701rapt30x-sdi-xx-g2vx720l_firmwarehd17h_firmwarevx701tahd17h-nbx30s_firmwarePT30X-4K-xx-G3PT-STUDIOPROPT20X-SDI/NDI-xxPT30X-LINK-4K-xxPT20X-USB-xxPT12X-STUDIO-4K-xx-G3PT12X-SDI/NDI-xxVL Fixed Camera/NDI Fixed CameraHC-EPTZ-NDIPT20X-STUDIO-4K-xx-G3PT12X-USB-xxPT30X-SE-xx-G3PT20X-4K-xx-G3PT20X-SE-xx-G3PT20X-LINK-4K-xxPT30X-SDI/NDI-xx20x Fixed Camera/NDI Fixed CameraEPTZ Fixed Camera/NDI Fixed CameraPan-Tilt-Zoom CamerasPT12X-SE-xx-G312x Fixed Camera/NDI Fixed CameraPT12X-LINK-4K-xxPT12X-4K-xx-G3
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-7332
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-92.11% / 99.70%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 00:31
Updated-09 Aug, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK CP450 Telnet Service product.ini hard-coded password

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-cp450_firmwarecp450CP450cp450_firmware
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-8162
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.31% / 53.71%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 13:00
Updated-27 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T10 AC1200 Telnet Service product.ini hard-coded credentials

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t10_firmwaret10T10 AC1200t10_v2_firmware
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-6912
Matching Score-4
Assigner-CyberDanube
ShareView Details
Matching Score-4
Assigner-CyberDanube
CVSS Score-9.3||CRITICAL
EPSS-0.21% / 42.95%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 20:51
Updated-13 Feb, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded MSSQL Credentials

Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations.This issue affects ProcessPlus: through 1.11.6507.0.

Action-Not Available
Vendor-perkinelmerPerkinElmerperkin_elmerMicrosoft Corporation
Product-windowsprocessplusProcessPlusprocess_plus
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-12789
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.00%
||
7 Day CHG~0.00%
Published-14 Sep, 2020 | 13:24
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.

Action-Not Available
Vendor-microchipn/a
Product-atsama5d36a-curatsama5d28c-ld2g-cuatsama5d43b-cur_firmwareatsama5d42b-curatsama5d27c-d5m-cur_firmwareatsama5d34a-cuatsama5d44a-curatsama5d28c-cn_firmwareatsama5d22c-cnratsama5d26c-curatsama5d35a-cu_firmwareatsama5d21c-cur_firmwareatsama5d27c-ld2g-cur_firmwareatsama5d27-som1atsama5d41a-cu_firmwareatsama5d36a-cur_firmwareatsama5d23c-cur_firmwareatsama5d28c-cu_firmwareatsama5d23c-cuatsama5d27c-d5m-curatsama5d31a-cfuatsama5d27c-cnvaoatsama5d41b-cuatsama5d28c-ld1g-cur_firmwareatsama5d21c-cuatsama5d26c-cn_firmwareatsama5d41a-cuatsama5d28c-ld2g-cu_firmwareatsama5d42a-cuatsama5d43a-cuatsama5d33a-cu_firmwareatsama5d36a-cuatsama5d27c-d1g-cu_firmwareatsama5d43b-cu_firmwareatsama5d34a-cur_firmwareatsama5d22c-cnr_firmwareatsama5d225c-d1m-cur_firmwareatsama5d43b-curatsama5d27c-cnatsama5d33a-cuatsama5d42b-cu_firmwareatsama5d23c-cnr_firmwareatsama5d44b-cu_firmwareatsama5d31a-cuatsama5d27c-cur_firmwareatsama5d27-wlsom1_firmwareatsama5d23c-curatsama5d24c-cuf_firmwareatsama5d28c-cuatsama5d34a-cu_firmwareatsama5d28c-curatsama5d43a-cur_firmwareatsama5d27c-ld2g-cu_firmwareatsama5d24c-cuatsama5d27c-cnrvao_firmwareatsama5d33a-cur_firmwareatsama5d24c-cur_firmwareatsama5d28c-cnratsama5d28c-ld1g-cu_firmwareatsama5d27c-curatsama5d21c-curatsama5d27c-d5m-cu_firmwareatsama5d35a-cnr_firmwareatsama5d42b-cuatsama5d36a-cnr_firmwareatsama5d24c-cufatsama5d44b-cuatsama5d27c-cn_firmwareatsama5d35a-cn_firmwareatsama5d42a-curatsama5d24c-cu_firmwareatsama5d27c-cnvao_firmwareatsama5d27c-cnratsama5d27c-ld1g-curatsama5d27c-ld2g-curatsama5d44a-cur_firmwareatsama5d27c-ld1g-cu_firmwareatsama5d225c-d1m-curatsama5d28c-ld1g-cuatsama5d27c-d1g-cuatsama5d28c-ld1g-curatsama5d22c-cur_firmwareatsama5d24c-curatsama5d28c-ld2g-cur_firmwareatsama5d44b-cur_firmwareatsama5d41b-cu_firmwareatsama5d41a-curatsama5d27c-d5m-cuatsama5d43a-curatsama5d26c-cnatsama5d31a-cfu_firmwareatsama5d36a-cn_firmwareatsama5d21c-cu_firmwareatsama5d31a-cfur_firmwareatsama5d36a-cnratsama5d27-som1_firmwareatsama5d41b-curatsama5d33a-curatsama5d26c-cnratsama5d27c-cnrvaoatsama5d41a-cur_firmwareatsama5d44a-cuatsama5d26c-cu_firmwareatsama5d35a-cnratsama5d22c-cu_firmwareatsama5d23c-cn_firmwareatsama5d23c-cnratsama5d31a-curatsama5d36a-cnatsama5d27c-ld2g-cuatsama5d22c-cuatsama5d27c-d1g-cur_firmwareatsama5d28c-ld2g-curatsama5d41b-cur_firmwareatsama5d43b-cuatsama5d36a-cu_firmwareatsama5d27c-ld1g-cur_firmwareatsama5d26c-cur_firmwareatsama5d42a-cu_firmwareatsama5d31a-cu_firmwareatsama5d27c-cnr_firmwareatsama5d22c-cn_firmwareatsama5d28c-d1g-cuatsama5d22c-curatsama5d28c-d1g-cur_firmwareatsama5d26c-cuatsama5d27c-cu_firmwareatsama5d31a-cfuratsama5d43a-cu_firmwareatsama5d35a-cur_firmwareatsama5d35a-curatsama5d23c-cnatsama5d26c-cnr_firmwareatsama5d23c-cu_firmwareatsama5d28c-cnr_firmwareatsama5d28c-cur_firmwareatsama5d28c-d1g-cu_firmwareatsama5d35a-cnatsama5d22c-cnatsama5d27c-d1g-curatsama5d27-wlsom1atsama5d44b-curatsama5d42a-cur_firmwareatsama5d27c-cuatsama5d34a-curatsama5d44a-cu_firmwareatsama5d28c-d1g-curatsama5d42b-cur_firmwareatsama5d31a-cur_firmwareatsama5d35a-cuatsama5d27c-ld1g-cuatsama5d28c-cnn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-51547
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-9.3||CRITICAL
EPSS-0.20% / 41.79%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 04:12
Updated-23 May, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Credentials Disclosure - keys

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

Action-Not Available
Vendor-ABB
Product-aspect-ent-12aspect-ent-2aspect-ent-2_firmwarematrix-232nexus-264-fnexus-3-264_firmwarematrix-11matrix-264matrix-11_firmwarematrix-296nexus-2128-fnexus-2128-a_firmwarenexus-264nexus-3-2128_firmwarenexus-2128-gmatrix-264_firmwarenexus-264-gnexus-3-264matrix-216nexus-264-f_firmwarenexus-3-2128nexus-2128-f_firmwarenexus-264_firmwarenexus-2128-g_firmwarenexus-2128-aaspect-ent-96matrix-296_firmwarenexus-2128_firmwarenexus-264-a_firmwareaspect-ent-12_firmwarenexus-2128aspect-ent-256matrix-232_firmwarenexus-264-g_firmwarenexus-264-aaspect-ent-96_firmwarematrix-216_firmwareaspect-ent-256_firmwareASPECT-EnterpriseMATRIX SeriesNEXUS Series
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-43052
Matching Score-4
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-4
Assigner-TIBCO Software Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.22% / 44.85%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 18:25
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO FTL Secret Generation Vulnerability

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-ftlTIBCO FTL - Community EditionTIBCO FTL - Enterprise EditionTIBCO FTL - Developer Edition
CWE ID-CWE-798
Use of Hard-coded Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found