Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-24218

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Oct, 2020 | 13:10
Updated At-04 Aug, 2024 | 15:12
Rejected At-
Credits

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Oct, 2020 | 13:10
Updated At:04 Aug, 2024 | 15:12
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.kb.cert.org/vuls/id/896979
x_refsource_MISC
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
x_refsource_MISC
Hyperlink: https://www.kb.cert.org/vuls/id/896979
Resource:
x_refsource_MISC
Hyperlink: https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.kb.cert.org/vuls/id/896979
x_refsource_MISC
x_transferred
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
x_refsource_MISC
x_transferred
Hyperlink: https://www.kb.cert.org/vuls/id/896979
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Oct, 2020 | 14:15
Updated At:19 Oct, 2020 | 15:07

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

szuray
szuray
>>uaioe264-1u>>-
cpe:2.3:h:szuray:uaioe264-1u:-:*:*:*:*:*:*:*
szuray
szuray
>>uce264-1-mini>>-
cpe:2.3:h:szuray:uce264-1-mini:-:*:*:*:*:*:*:*
szuray
szuray
>>uce264-1wb-mini>>-
cpe:2.3:h:szuray:uce264-1wb-mini:-:*:*:*:*:*:*:*
szuray
szuray
>>uce264-4-1u>>-
cpe:2.3:h:szuray:uce264-4-1u:-:*:*:*:*:*:*:*
szuray
szuray
>>uce264-8-1u>>-
cpe:2.3:h:szuray:uce264-8-1u:-:*:*:*:*:*:*:*
szuray
szuray
>>uhae264-16>>-
cpe:2.3:h:szuray:uhae264-16:-:*:*:*:*:*:*:*
szuray
szuray
>>uhce264-1>>-
cpe:2.3:h:szuray:uhce264-1:-:*:*:*:*:*:*:*
szuray
szuray
>>uhce264-16p32>>-
cpe:2.3:h:szuray:uhce264-16p32:-:*:*:*:*:*:*:*
szuray
szuray
>>uhce264-1p2>>-
cpe:2.3:h:szuray:uhce264-1p2:-:*:*:*:*:*:*:*
szuray
szuray
>>uhce264-1p2-1u>>-
cpe:2.3:h:szuray:uhce264-1p2-1u:-:*:*:*:*:*:*:*
szuray
szuray
>>uhce264-1s>>-
cpe:2.3:h:szuray:uhce264-1s:-:*:*:*:*:*:*:*
szuray
szuray
>>uhce264-1w>>-
cpe:2.3:h:szuray:uhce264-1w:-:*:*:*:*:*:*:*
szuray
szuray
>>uhce264-1ws>>-
cpe:2.3:h:szuray:uhce264-1ws:-:*:*:*:*:*:*:*
szuray
szuray
>>uhce264-4p8>>-
cpe:2.3:h:szuray:uhce264-4p8:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-1-4k>>-
cpe:2.3:h:szuray:uhe264-1-4k:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-16>>-
cpe:2.3:h:szuray:uhe264-16:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-16l-3u>>-
cpe:2.3:h:szuray:uhe264-16l-3u:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-16s-2u>>-
cpe:2.3:h:szuray:uhe264-16s-2u:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-1l>>-
cpe:2.3:h:szuray:uhe264-1l:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-1l-4k>>-
cpe:2.3:h:szuray:uhe264-1l-4k:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-1lw>>-
cpe:2.3:h:szuray:uhe264-1lw:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-1s>>-
cpe:2.3:h:szuray:uhe264-1s:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-1s-mini>>-
cpe:2.3:h:szuray:uhe264-1s-mini:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-1w-mini>>-
cpe:2.3:h:szuray:uhe264-1w-mini:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-1wb-4g>>-
cpe:2.3:h:szuray:uhe264-1wb-4g:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-1wb-mini>>-
cpe:2.3:h:szuray:uhe264-1wb-mini:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-1wbs-2b>>-
cpe:2.3:h:szuray:uhe264-1wbs-2b:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-1wbs-mini>>-
cpe:2.3:h:szuray:uhe264-1wbs-mini:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-1ws-mini>>-
cpe:2.3:h:szuray:uhe264-1ws-mini:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-2-1u>>-
cpe:2.3:h:szuray:uhe264-2-1u:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-4>>-
cpe:2.3:h:szuray:uhe264-4:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-4-1u>>-
cpe:2.3:h:szuray:uhe264-4-1u:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-4l-1u>>-
cpe:2.3:h:szuray:uhe264-4l-1u:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-8>>-
cpe:2.3:h:szuray:uhe264-8:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-8-1u>>-
cpe:2.3:h:szuray:uhe264-8-1u:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-8l-3u>>-
cpe:2.3:h:szuray:uhe264-8l-3u:-:*:*:*:*:*:*:*
szuray
szuray
>>uhe264-8s-2u>>-
cpe:2.3:h:szuray:uhe264-8s-2u:-:*:*:*:*:*:*:*
szuray
szuray
>>use264-16-3u>>-
cpe:2.3:h:szuray:use264-16-3u:-:*:*:*:*:*:*:*
szuray
szuray
>>use264-1l>>-
cpe:2.3:h:szuray:use264-1l:-:*:*:*:*:*:*:*
szuray
szuray
>>use264-1l-1u>>-
cpe:2.3:h:szuray:use264-1l-1u:-:*:*:*:*:*:*:*
szuray
szuray
>>use264-1l-mini>>-
cpe:2.3:h:szuray:use264-1l-mini:-:*:*:*:*:*:*:*
szuray
szuray
>>use264-1lw>>-
cpe:2.3:h:szuray:use264-1lw:-:*:*:*:*:*:*:*
szuray
szuray
>>use264-1wb-l>>-
cpe:2.3:h:szuray:use264-1wb-l:-:*:*:*:*:*:*:*
szuray
szuray
>>use264-4l-1u>>-
cpe:2.3:h:szuray:use264-4l-1u:-:*:*:*:*:*:*:*
szuray
szuray
>>use264-8-1u>>-
cpe:2.3:h:szuray:use264-8-1u:-:*:*:*:*:*:*:*
szuray
szuray
>>uve264-1l>>-
cpe:2.3:h:szuray:uve264-1l:-:*:*:*:*:*:*:*
szuray
szuray
>>uve264-1lw>>-
cpe:2.3:h:szuray:uve264-1lw:-:*:*:*:*:*:*:*
szuray
szuray
>>iptv\/h.264_video_encoder_firmware>>Versions up to 1.97(inclusive)
cpe:2.3:o:szuray:iptv\/h.264_video_encoder_firmware:*:*:*:*:*:*:*:*
szuray
szuray
>>uaioe265-1u>>-
cpe:2.3:h:szuray:uaioe265-1u:-:*:*:*:*:*:*:*
szuray
szuray
>>uhae265-1-mini>>-
cpe:2.3:h:szuray:uhae265-1-mini:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-798Primarynvd@nist.gov
CWE ID: CWE-798
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/cve@mitre.org
Exploit
Third Party Advisory
https://www.kb.cert.org/vuls/id/896979cve@mitre.org
Third Party Advisory
US Government Resource
Hyperlink: https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.kb.cert.org/vuls/id/896979
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

621Records found

CVE-2021-27143
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 70.68%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:40
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-3907
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.18%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 18:00
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).

Action-Not Available
Vendor-identicardn/a
Product-premisys_idPremisys Identicard 3.1.190
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2019-3908
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.55%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 18:00
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.

Action-Not Available
Vendor-identicardn/a
Product-premisys_idPremisys Identicard 3.1.190
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-24324
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.36%
||
7 Day CHG~0.00%
Published-30 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a8000ru_firmwarea8000run/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-8857
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.08% / 23.92%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 03:33
Updated-29 Aug, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Changing|Clinic Image System - Use of Hard-coded Credentials

Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code.

Action-Not Available
Vendor-Changing
Product-Clinic Image System
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-26660
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.95%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:34
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used.

Action-Not Available
Vendor-robotronicn/a
Product-runasspcn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-3918
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.46%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 21:00
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces.

Action-Not Available
Vendor-Tenable, Inc.Nokia Corporation
Product-i-240w-q_gpon_ont_firmwarei-240w-q_gpon_ontAlcatel Lucent I-240W-Q GPON ONT
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-9310
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 10.52%
||
7 Day CHG+0.01%
Published-21 Aug, 2025 | 16:32
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
yeqifu carRental Druid login.html hard-coded credentials

A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRental_war/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

Action-Not Available
Vendor-yeqifu
Product-carRental
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-23816
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.99% / 75.96%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 09:00
Updated-09 May, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application.

Action-Not Available
Vendor-Siemens AG
Product-location_intelligenceLocation Intelligence SUS Non-ProdLocation Intelligence Perpetual LargeLocation Intelligence Perpetual MediumLocation Intelligence Perpetual Non-ProdLocation Intelligence SUS SmallLocation Intelligence Perpetual SmallLocation Intelligence SUS MediumLocation Intelligence SUS Large
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-4675
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 16:45
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_managerSecurity Identity Manager
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-23619
Matching Score-4
Assigner-Exodus Intelligence
ShareView Details
Matching Score-4
Assigner-Exodus Intelligence
CVSS Score-9.8||CRITICAL
EPSS-0.95% / 75.37%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:35
Updated-16 Jun, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Merge Healthcare eFilm Workstation Hardcoded Credentials

A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.

Action-Not Available
Vendor-IBM Corporation
Product-merge_efilm_workstationeFilm Workstation
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-20025
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.99% / 82.89%
||
7 Day CHG~0.00%
Published-29 Jul, 2020 | 17:28
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0.

Action-Not Available
Vendor-n/aNEC Corporation
Product-sv9100_firmwaresv9100n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-22853
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-83.43% / 99.23%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:00
Updated-20 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-go-rt-ac750go-rt-ac750_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-8730
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-9.55% / 92.55%
||
7 Day CHG~0.00%
Published-08 Aug, 2025 | 14:32
Updated-08 Aug, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Belkin F9K1009/F9K1010 Web Interface hard-coded credentials

A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Belkin International, Inc.
Product-F9K1009F9K1010
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-23473
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-8.6||HIGH
EPSS-0.10% / 28.21%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 12:43
Updated-10 Feb, 2025 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability

The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-access_rights_managerAccess Rights Manageraccess_rights_manager
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-51536
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 16.93%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 00:00
Updated-05 Aug, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-1392
Use of Default Credentials
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-21764
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 24.72%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 23:28
Updated-17 Oct, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Hard-Coded Credentials in Rapid SCADA

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port.

Action-Not Available
Vendor-rapidscadaRapid Software LLC
Product-rapid_scadaRapid SCADA
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-21990
Matching Score-4
Assigner-NetApp, Inc.
ShareView Details
Matching Score-4
Assigner-NetApp, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.05%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 19:35
Updated-10 Feb, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.

Action-Not Available
Vendor-NetApp, Inc.
Product-ontap_select_deploy_administration_utilityONTAP Select Deploy administration utilityclustered_data_ontap
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-29730
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 69.71%
||
7 Day CHG~0.00%
Published-27 May, 2022 | 12:56
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.

Action-Not Available
Vendor-usrn/a
Product-usr-g800v2_firmwareusr-g808_firmwareusr-g807usr-g806usr-g806_firmwareusr-lg220-l_firmwareusr-g800v2usr-lg220-lusr-g808usr-g807_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-19492
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-35.48% / 96.93%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 01:13
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

Action-Not Available
Vendor-freeswitchn/a
Product-freeswitchn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-19033
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.91% / 74.85%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 17:53
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.

Action-Not Available
Vendor-jaliosn/a
Product-jcmsn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-1935
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-88.86% / 99.50%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:25
Updated-19 Nov, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability

A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-integrated_management_controller_supervisorucs_directorucs_director_express_for_big_dataCisco Unified Computing System Director
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2017-15582
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.80%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.

Action-Not Available
Vendor-writediaryn/a
Product-diary_with_lockn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-2161
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 67.58%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 06:00
Updated-02 Aug, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Hard-coded Credentials in Kiloview NDI N series products API middleware

Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .

Action-Not Available
Vendor-Kiloviewkiloview
Product-NDIndi_n4_firmware
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-7401
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.60%
||
7 Day CHG~0.00%
Published-11 Jul, 2025 | 04:22
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php

The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to read from or write to arbitrary files on the affected site's server which may make the exposure of sensitive information or remote code execution possible.

Action-Not Available
Vendor-aa-team
Product-Premium Age Verification / Restriction for WordPress
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-46274
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.19% / 40.74%
||
7 Day CHG+0.04%
Published-24 Apr, 2025 | 22:57
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Planet Technology Network Products Use of Hard-coded Credentials

UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database.

Action-Not Available
Vendor-Planet Technology
Product-UNI-NMS-Lite
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-46273
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.19% / 40.74%
||
7 Day CHG+0.04%
Published-24 Apr, 2025 | 22:57
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Planet Technology Network Products Use of Hard-coded Credentials

UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices.

Action-Not Available
Vendor-Planet Technology
Product-UNI-NMS-Lite
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-45746
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.28%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 00:00
Updated-21 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform.

Action-Not Available
Vendor-ZKTeco Co., Ltd.
Product-zkbio_cvsecurityZKBio CVSecurity
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-45784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 48.98%
||
7 Day CHG+0.01%
Published-18 Jun, 2025 | 00:00
Updated-22 Jul, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dph-400sedph-400se_firmwaredph-400s_firmwaredph-400sn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2013-2567
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-52.74% / 97.86%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 16:47
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.

Action-Not Available
Vendor-zavion/a
Product-f312a_firmwaref3105f312af3105_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-43982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 16.93%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 00:00
Updated-14 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2013-1352
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 74.44%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 13:25
Updated-06 Aug, 2024 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.

Action-Not Available
Vendor-veraxsystemsn/a
Product-network_management_systemn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-20439
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-86.52% / 99.37%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 16:28
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-04-21||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-smart_license_utilityCisco Smart License Utilitycisco_smart_license_utilitySmart Licensing Utility
CWE ID-CWE-912
Hidden Functionality
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2005-3716
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.26%
||
7 Day CHG~0.00%
Published-21 Nov, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information.

Action-Not Available
Vendor-utstarcomn/a
Product-f1000_wi-fi_firmwaref1000_wi-fin/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-16150
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 43.99%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 12:27
Updated-25 Oct, 2024 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-forticlientFortinet FortiClient for Windows
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-1619
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-71.69% / 98.67%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 03:00
Updated-19 Nov, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-16153
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.37%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 16:39
Updated-25 Oct, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisiemFortinet FortiSIEM
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-1344
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 16.95%
||
7 Day CHG~0.00%
Published-19 Feb, 2024 | 11:19
Updated-24 Mar, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Encrypted database credentials in LaborOfficeFree

Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x86)%\LaborOfficeFree\' directory. This user can log in remotely and has root-like privileges.

Action-Not Available
Vendor-laborofficefreeLaborOfficeFreeprgtec
Product-laborofficefreeLaborOfficeFree laborofficefree
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-22667
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 68.39%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 16:01
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior).

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-bb-eswgp506-2sfp-t_firmwarebb-eswgp506-2sfp-tBB-ESWGP506-2SFP-T
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2017-14422
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.32%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-850l_firmwaredir-850ln/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-54455
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 19.40%
||
7 Day CHG+0.01%
Published-23 Jul, 2025 | 05:27
Updated-30 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-magicinfo_9_serverMagicINFO 9 Server
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2012-3503
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.30% / 78.93%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.

Action-Not Available
Vendor-n/aRed Hat, Inc.The Foreman
Product-katelloenterprise_linux_servern/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-1228
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-9.3||CRITICAL
EPSS-0.09% / 26.98%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 11:13
Updated-01 Aug, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded password in Eurosoft Przychodnia

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed).

Action-Not Available
Vendor-eurosoftEuroSoft Sp. z o. o.eurosoftsp.zo.o
Product-przychodniaEurosoft Przychodniaeurosoft_przychodina
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-13474
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.53% / 80.59%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 00:00
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.

Action-Not Available
Vendor-telestarn/a
Product-imperial_i200_firmwareimperial_i500-bt_firmwaredabman_d10_firmwareimperial_i600imperial_i150_firmwareimperial_i200-cdimperial_i200-cd_firmwareimperial_i400_firmwareimperial_i500-btbobs_rock_radioimperial_i110imperial_i110_firmwareimperial_i450imperial_i400imperial_i150imperial_i450_firmwaredabman_i30_stereoimperial_i200dabman_i30_stereo_firmwareimperial_i600_firmwarebobs_rock_radio_firmwaredabman_d10n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-13543
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.8||MEDIUM
EPSS-0.66% / 70.32%
||
7 Day CHG~0.00%
Published-08 Nov, 2019 | 19:03
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Medtronic Valleylab FT10 and FX8 Use of Hard-coded Credentials

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.

Action-Not Available
Vendor-medtronicMedtronic
Product-valleylab_ft10_energy_platformvalleylab_ft10_energy_platform_firmwarevalleylab_fx8_energy_platformvalleylab_exchange_clientvalleylab_fx8_energy_platform_firmwareValleylab FX8 Energy Platform (VLFX8GEN)Valleylab Exchange ClientValleylab FT10 Energy Platform (VLFT10GEN)
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-14482
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.18% / 83.68%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 15:47
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers' installations when no other SSL certificate is installed, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

Action-Not Available
Vendor-adremsoftn/a
Product-netcrunchn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-25045
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.05%
||
7 Day CHG+0.02%
Published-02 Mar, 2022 | 20:51
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.

Action-Not Available
Vendor-home_owners_collection_management_system_projectn/a
Product-home_owners_collection_management_systemn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-12797
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.78%
||
7 Day CHG~0.00%
Published-31 Jul, 2019 | 18:21
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle.

Action-Not Available
Vendor-elmelectronicsn/a
Product-elm27elm27_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2008-1160
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.75% / 92.64%
||
7 Day CHG~0.00%
Published-25 Mar, 2008 | 00:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.

Action-Not Available
Vendor-n/aZyxel Networks Corporation
Product-zywall_1050zywall_1050_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-10694
Matching Score-4
Assigner-Perforce
ShareView Details
Matching Score-4
Assigner-Perforce
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.08%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 23:02
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.

Action-Not Available
Vendor-n/aPerforce Software, Inc. ("Puppet")
Product-puppet_enterprisePuppet Enterprise
CWE ID-CWE-798
Use of Hard-coded Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found