Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-14510

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-25 Aug, 2020 | 13:19
Updated At-16 Sep, 2024 | 19:25
Rejected At-
Credits

OFF-BY-ONE ERROR CWE-193

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:25 Aug, 2020 | 13:19
Updated At:16 Sep, 2024 | 19:25
Rejected At:
â–¼CVE Numbering Authority (CNA)
OFF-BY-ONE ERROR CWE-193

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.

Affected Products
Vendor
Secomea A/SSecomea
Product
GateManager
Versions
Affected
  • From All versions prior to 9.2c before 9.2c (custom)
Problem Types
TypeCWE IDDescription
CWECWE-193OFF-BY-ONE ERROR CWE-193
Type: CWE
CWE ID: CWE-193
Description: OFF-BY-ONE ERROR CWE-193
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01
x_refsource_MISC
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01
x_refsource_MISC
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:25 Aug, 2020 | 14:15
Updated At:04 Nov, 2021 | 18:18

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

Secomea A/S
secomea
>>gatemanager_8250>>-
cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*
Secomea A/S
secomea
>>gatemanager_8250_firmware>>9.2c
cpe:2.3:o:secomea:gatemanager_8250_firmware:9.2c:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-798Primarynvd@nist.gov
CWE-193Secondaryics-cert@hq.dhs.gov
CWE ID: CWE-798
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-193
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

715Records found

CVE-2012-3503
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.00% / 85.74%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.

Action-Not Available
Vendor-n/aThe ForemanRed Hat, Inc.
Product-enterprise_linux_serverkatellon/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-11483
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.36% / 68.44%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationIntel Corporation
Product-bmc_firmwaredgx-1dgx-2NVIDIA DGX Servers
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-11543
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.60% / 83.44%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 23:32
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0 where an administrator and a system user accounts are the only available user accounts for the gateway appliance.

Action-Not Available
Vendor-opsrampn/a
Product-gatewayn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-44096
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.76% / 50.91%
||
7 Day CHG~0.00%
Published-30 Nov, 2022 | 00:00
Updated-25 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.

Action-Not Available
Vendor-n/aoretnom23
Product-sanitization_management_systemn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-38394
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.91% / 55.71%
||
7 Day CHG~0.00%
Published-08 Sep, 2022 | 07:10
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command.

Action-Not Available
Vendor-allied-telesisAllied Telesis K.K.
Product-centrecom_ar260s_firmwarecentrecom_ar260sCentreCOM AR260S V2
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-11126
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.60% / 44.38%
||
7 Day CHG~0.00%
Published-29 Sep, 2025 | 00:02
Updated-29 Sep, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apeman ID71 system.ini hard-coded credentials

A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Apeman
Product-ID71
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2012-2166
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.76% / 84.49%
||
7 Day CHG~0.00%
Published-08 Feb, 2018 | 23:00
Updated-06 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.

Action-Not Available
Vendor-n/aIBM Corporation
Product-xiv_storage_system_2810-114_firmwarexiv_storage_system_2812-114_firmwarexiv_storage_system_2812-114xiv_storage_system_2812-a14xiv_storage_system_2810-a14xiv_storage_system_2810-a14_firmwarexiv_storage_system_2810-114xiv_storage_system_2812-a14_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-38116
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.98% / 58.01%
||
7 Day CHG+0.04%
Published-30 Aug, 2022 | 04:25
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Le-yan Co., Ltd. Personnel and Salary Management System - Hard-coded password

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service.

Action-Not Available
Vendor-leyanLe-yan Co., Ltd.
Product-salary_management_systemPersonnel and Salary Management System
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-38823
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.92% / 55.82%
||
7 Day CHG+0.01%
Published-16 Sep, 2022 | 14:23
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-t6t6_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-9486
Matching Score-4
Assigner-Kubernetes
ShareView Details
Matching Score-4
Assigner-Kubernetes
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 80.54%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 20:33
Updated-08 Dec, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VM images built with Image Builder and Proxmox provider use default credentials

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider.

Action-Not Available
Vendor-kubernetes-sigsKubernetes
Product-image_builderImage Builderimage_builder
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-9643
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.8||CRITICAL
EPSS-2.93% / 85.39%
||
7 Day CHG-0.03%
Published-04 Feb, 2025 | 14:47
Updated-22 Nov, 2025 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Four-Faith F3x36 Hidden Debug Credentials

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.

Action-Not Available
Vendor-four-faithFour-Faith
Product-f3x36_firmwaref3x36F3x36
CWE ID-CWE-489
Active Debug Code
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36672
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.98% / 58.01%
||
7 Day CHG+0.04%
Published-01 Sep, 2022 | 02:08
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.

Action-Not Available
Vendor-n/axxyopen (Novel Plus)
Product-novel-plusn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-8450
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.6||HIGH
EPSS-0.37% / 29.27%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 06:50
Updated-04 Oct, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PLANET Technology switch devices - Hard-coded SNMPv1 read-write community string

Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges.

Action-Not Available
Vendor-planetPLANET Technology
Product-gs-4210-24p2s_firmwaregs-4210-24pl4cgs-4210-24pl4c_firmwaregs-4210-24p2sGS-4210-24P2S hardware 3.0GS-4210-24PL4C hardware 2.0
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36560
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.69% / 48.40%
||
7 Day CHG+0.03%
Published-29 Aug, 2022 | 22:46
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh.

Action-Not Available
Vendor-seiko-soln/a
Product-skybridge_mb-a200skybridge_mb-a200_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36952
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.44% / 35.52%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 20:59
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

Action-Not Available
Vendor-n/aVeritas Technologies LLC
Product-netbackupn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-35540
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.11% / 61.89%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 22:17
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.

Action-Not Available
Vendor-dotnetcoren/a
Product-agileconfign/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-8162
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-1.67% / 73.89%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 13:00
Updated-27 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T10 AC1200 Telnet Service product.ini hard-coded credentials

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t10_firmwaret10T10 AC1200t10_v2_firmware
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-35491
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 48.75%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 16:25
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002rua3002ru_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-32535
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-1.41% / 69.32%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 14:12
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QSAN SANOS - Use of Hard-coded Credentials

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.

Action-Not Available
Vendor-qsanQSAN
Product-sanosSANOS
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-6912
Matching Score-4
Assigner-CyberDanube
ShareView Details
Matching Score-4
Assigner-CyberDanube
CVSS Score-9.3||CRITICAL
EPSS-1.11% / 62.05%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 20:51
Updated-13 Feb, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded MSSQL Credentials

Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations.This issue affects ProcessPlus: through 1.11.6507.0.

Action-Not Available
Vendor-perkinelmerPerkinElmerperkin_elmerMicrosoft Corporation
Product-windowsprocessplusProcessPlusprocess_plus
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-6890
Matching Score-4
Assigner-KoreLogic Security
ShareView Details
Matching Score-4
Assigner-KoreLogic Security
CVSS Score-9.8||CRITICAL
EPSS-0.72% / 49.27%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 23:09
Updated-08 Aug, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Journyx Unauthenticated Password Reset Bruteforce

Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.

Action-Not Available
Vendor-journyxJournyxjournyx
Product-journyxJournyx (jtime)journyx
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-799
Improper Control of Interaction Frequency
CWE ID-CWE-334
Small Space of Random Values
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-34970
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.80% / 84.71%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 18:39
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service.

Action-Not Available
Vendor-crowcppn/a
Product-crown/a
CWE ID-CWE-193
Off-by-one Error
CVE-2022-34907
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-15.82% / 96.48%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 20:17
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform.

Action-Not Available
Vendor-filewaven/a
Product-filewaven/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-35857
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.40% / 69.10%
||
7 Day CHG~0.00%
Published-13 Jul, 2022 | 21:22
Updated-03 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file.

Action-Not Available
Vendor-kvf-admin_projectn/a
Product-kvf-adminn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-28605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.79% / 75.72%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 20:11
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory

Action-Not Available
Vendor-linkplayn/aApple Inc.Google LLC
Product-androidiphone_ossound_barn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-35866
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-3.05% / 85.95%
||
7 Day CHG~0.00%
Published-03 Aug, 2022 | 00:00
Updated-20 Nov, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.

Action-Not Available
Vendor-vinchinVinchin
Product-vinchin_backup_and_recoveryBackup and Recovery
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-34993
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 54.58%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 18:59
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3600r_firmwarea3600rn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-6656
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.43% / 34.81%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 08:44
Updated-03 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded Credentals in TNB Mobile Solutions' Cockpit Software

Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13.

Action-Not Available
Vendor-tnbmobilTNB Mobile Solutionstnb_mobile_solutions
Product-cockpitCockpit Softwarecockpit_software
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-34045
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.42% / 82.14%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 16:50
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-wl-wn530hg4wl-wn530hg4_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-39274
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.43% / 69.78%
||
7 Day CHG~0.00%
Published-06 Oct, 2022 | 00:00
Updated-22 Apr, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow in `ProcessRadioRxDone` in LoRaMac-node

LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to an 65280-byte out-of-bounds write. The function `ProcessRadioRxDone` implicitly expects incoming radio frames to have at least a payload of one byte or more. An empty payload leads to a 1-byte out-of-bounds read of user controlled content when the payload buffer is reused. This allows an attacker to craft a FRAME_TYPE_PROPRIETARY frame with size -1 which results in an 65280-byte out-of-bounds memcopy likely with partially controlled attacker data. Corrupting a large part if the data section is likely to cause a DoS. If the large out-of-bounds write does not immediately crash the attacker may gain control over the execution due to now controlling large parts of the data section. Users are advised to upgrade either by updating their package or by manually applying the patch commit `e851b079`.

Action-Not Available
Vendor-semtechLora-net
Product-loramac-nodeLoRaMac-node
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-193
Off-by-one Error
CVE-2022-34442
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8||HIGH
EPSS-0.42% / 33.67%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 06:54
Updated-20 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges.

Action-Not Available
Vendor-Dell Inc.
Product-policy_manager_for_secure_connect_gatewaySecure Connect Gateway (SCG) Policy Manager
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-34441
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8||HIGH
EPSS-0.47% / 37.45%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 09:03
Updated-20 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges.

Action-Not Available
Vendor-Dell Inc.
Product-policy_manager_for_secure_connect_gatewaySecure Connect Gateway (SCG) Policy Manager
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-2616
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.29% / 66.76%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 15:02
Updated-23 Feb, 2026 | 10:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Beetel 777VR1 Web Management hard-coded credentials

A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-beetelBeetel
Product-777vr1_firmware777vr1777VR1
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-8268
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-3.92% / 89.07%
||
7 Day CHG~0.00%
Published-09 Mar, 2019 | 00:00
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.

Action-Not Available
Vendor-uvncSiemens AGKaspersky Lab
Product-sinumerik_pcu_base_win10_software\/ipcultravncsinumerik_pcu_base_win7_software\/ipcsinumerik_access_mymachine\/p2pUltraVNC
CWE ID-CWE-193
Off-by-one Error
CVE-2022-32965
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-1.14% / 62.66%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 09:15
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ITPison OMICARD EDM - Use of Hard-coded Credentials

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.

Action-Not Available
Vendor-omicard_edm_projectITPison
Product-omicard_edmOMICARD EDM
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-32985
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.07% / 60.84%
||
7 Day CHG~0.00%
Published-17 Jul, 2022 | 22:48
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.

Action-Not Available
Vendor-nexansn/a
Product-gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_medgigaswitch_v5_tp_sfp-2vi_54vdc_med_firmwaregigaswitch_v5_tp_sfp-2vi_54vdcgigaswitch_v5_2tp\(pse\+\)_sfp-vi_54vdcgigaswitch_641_desk_v5_sfp-vigigaswitch_642_desk_v5_sfp-2vigigaswitch_v5_2tp\(pd-f\+\)_sfp-vi_54vdc_firmwaregigaswitch_v5_2tp\(pse\+\)_sfp-vi_54vdc_firmwaregigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_firmwaregigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdcgigaswitch_641_desk_v5_sfp-vi_firmwaregigaswitch_v5_tp_sfp-2vi_54vdc_firmwaregigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_indgigaswitch_v5_tp_sfp-2vi_54vdc_indgigaswitch_v5_tp_sfp-2vi_54vdc_medgigaswitch_v5_tp_sfp-vi_230vacgigaswitch_v5_2tp_sfp-vi_54vdcgigaswitch_v5_2tp\(pd-f\+\)_sfp-vi_54vdcgigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_med_firmwaregigaswitch_v5_2tp_sfp-vi_54vdc_firmwaregigaswitch_v5_tp_sfp-vi_230vac_firmwaregigaswitch_v5_sfp-2vi_230vacgigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_ind_firmwaregigaswitch_v5_tp_sfp-2vi_54vdc_ind_firmwaregigaswitch_642_desk_v5_sfp-2vi_firmwaregigaswitch_v5_sfp-2vi_230vac_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-57040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 62.07%
||
7 Day CHG+0.07%
Published-26 Feb, 2025 | 00:00
Updated-22 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link TL-WR845N devices with firmware TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. NOTE: The supplier has stated that this issue was fixed in firmware versions 250401 or later.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr845n_firmwaretl-wr845nn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-5471
Matching Score-4
Assigner-ManageEngine
ShareView Details
Matching Score-4
Assigner-ManageEngine
CVSS Score-8.8||HIGH
EPSS-2.47% / 82.56%
||
7 Day CHG~0.00%
Published-17 Jul, 2024 | 10:56
Updated-01 Aug, 2024 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agent takeover

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_ddi_centralDDI Centralmanageengine_ddi_central
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-5514
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 46.77%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 02:14
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MinMax CMS - Hidden Functionality

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs.

Action-Not Available
Vendor-MinMax Digital Technologyminmax
Product-MinMax CMSminmax
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-912
Hidden Functionality
CVE-2022-3089
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.3||MEDIUM
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 16:28
Updated-07 Nov, 2023 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EnOcean SmartServer Hard-coded credentials

Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.

Action-Not Available
Vendor-echelonEnOcean
Product-i.lon_visionsmartserverSmartserver
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-31210
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.02% / 59.07%
||
7 Day CHG~0.00%
Published-17 Jul, 2022 | 22:40
Updated-03 Aug, 2024 | 07:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts.

Action-Not Available
Vendor-infirayn/a
Product-iray-a8z3_firmwareiray-a8z3n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-54750
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 34.73%
||
7 Day CHG+0.01%
Published-06 Dec, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before.

Action-Not Available
Vendor-n/aUbiquiti Inc.
Product-n/au6-lr_firmware
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-15497
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.93% / 85.39%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 20:29
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP.

Action-Not Available
Vendor-blackboxonelann/a
Product-icompel_firmwareicompelnet-top-box_firmwarenet-top-boxn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-55557
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.34% / 67.84%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-29889
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 62.10%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 16:33
Updated-15 Apr, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability.

Action-Not Available
Vendor-goabodeabode systems, inc.
Product-iota_all-in-one_security_kitiota_all-in-one_security_kit_firmwareiota All-In-One Security Kit
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-30318
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.40% / 69.08%
||
7 Day CHG+0.05%
Published-31 Aug, 2022 | 15:39
Updated-03 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-controledge_plccontroledge_rtucontroledge_plc_firmwarecontroledge_rtu_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-30422
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.80% / 88.72%
||
7 Day CHG~0.00%
Published-17 Jun, 2022 | 16:11
Updated-03 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter.

Action-Not Available
Vendor-proiettin/a
Product-planet_time_enterprisen/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-29644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 70.36%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 11:50
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3100ra3100r_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-15975
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-85.65% / 99.70%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 07:40
Updated-15 Nov, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-30271
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 54.51%
||
7 Day CHG+0.04%
Published-26 Jul, 2022 | 22:11
Updated-03 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default.

Action-Not Available
Vendor-n/aMotorola Mobility LLC. (Lenovo Group Limited)
Product-ace1000_firmwareace1000n/aace1000_firmware
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 14
  • 15
  • Next
Details not found