A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.
GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.
Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852.
Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge.
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.
Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance).
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832.
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.
An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations.
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service.
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device.
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces.
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system.
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740.
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could an attacker to gain unauthorized administrative privileges when accessing to the charging station web server.
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.
BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior).
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.
MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensitive patient information. The admin account password is hard-coded as $K8t1ng throughout the application, and is the same across all installations. Customers do not have the option to change the Mirth Connect admin account password. The Mirth Connect admin account is created during the Connex install. The plaintext account password is hard-coded multiple times in the Connex install and update scripts.
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.
A vulnerability has been found in E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 up to 3.2 and classified as critical. This vulnerability affects unknown code of the component OEM Backend. The manipulation leads to hard-coded credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.
When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content.
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware.
The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553.
Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access.