Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-33583

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-30 Sep, 2021 | 19:19
Updated At-03 Aug, 2024 | 23:50
Rejected At-
Credits

REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:30 Sep, 2021 | 19:19
Updated At:03 Aug, 2024 | 23:50
Rejected At:
▼CVE Numbering Authority (CNA)

REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.compass-security.com/fileadmin/Research/Advisories/2021-12_CSNC-2021-012_timeCard_Hardcoded_Credentials.txt
x_refsource_MISC
Hyperlink: https://www.compass-security.com/fileadmin/Research/Advisories/2021-12_CSNC-2021-012_timeCard_Hardcoded_Credentials.txt
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.compass-security.com/fileadmin/Research/Advisories/2021-12_CSNC-2021-012_timeCard_Hardcoded_Credentials.txt
x_refsource_MISC
x_transferred
Hyperlink: https://www.compass-security.com/fileadmin/Research/Advisories/2021-12_CSNC-2021-012_timeCard_Hardcoded_Credentials.txt
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:30 Sep, 2021 | 20:15
Updated At:12 Oct, 2021 | 13:55

REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
reiner-sct
reiner-sct
>>timecard>>6.05.07
cpe:2.3:a:reiner-sct:timecard:6.05.07:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-798Primarynvd@nist.gov
CWE ID: CWE-798
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.compass-security.com/fileadmin/Research/Advisories/2021-12_CSNC-2021-012_timeCard_Hardcoded_Credentials.txtcve@mitre.org
Third Party Advisory
Hyperlink: https://www.compass-security.com/fileadmin/Research/Advisories/2021-12_CSNC-2021-012_timeCard_Hardcoded_Credentials.txt
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

602Records found
CVE-2021-27154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:38
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27164
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:36
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27158
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27151
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:39
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27155
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:38
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27159
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.28%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded useradmin / 888888 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27169
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.23%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:35
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account.

Action-Not Available
Vendor-fiberhomen/a
Product-an5506-04-fa_firmwarean5506-04-fan/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-26611
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8.1||HIGH
EPSS-0.71% / 71.27%
||
7 Day CHG~0.00%
Published-26 Nov, 2021 | 16:31
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HejHome IP Camera use of hard-coded credentials vulnerability

HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory reset, snapshot etc..)

Action-Not Available
Vendor-hejGoqual
Product-hejhome_gkw-ic052_firmwarehejhome_gkw-ic052GKW-IC052
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27166
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.23%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:36
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27161
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27162
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.28%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-24681
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.88%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 00:00
Updated-25 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations.

Action-Not Available
Vendor-n/aYealink Network Technology Co., Ltd
Product-configuration_encryption_tooln/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27145
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:40
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27153
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.28%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:38
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:39
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27168
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 44.09%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:36
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27147
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:39
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27167
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 44.09%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:36
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27157
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27172
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 44.09%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:35
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:38
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0 interface.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27160
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.28%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27143
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 70.68%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:40
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27165
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 44.09%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:36
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27148
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:39
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27228
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.99%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 16:16
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names (such as constructor or hasOwnProperty) to convince the System that the supplied API Key exists in the underlying JS object, and consequently achieve complete access to User/Admin/Super API functions, as demonstrated by a /super/constructor/accounts/list URI.

Action-Not Available
Vendor-shinobin/a
Product-shinobi_pron/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-7800
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-1.17% / 77.84%
||
7 Day CHG~0.00%
Published-24 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device.

Action-Not Available
Vendor-
Product-evlink_parkingevlink_parking_firmwareEVLink Parking v3.2.0-12_v1 and earlier
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-24657
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.47%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 12:31
Updated-03 Aug, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22).

Action-Not Available
Vendor-goldshelln/a
Product-goldshell_miner_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-6210
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.40% / 79.63%
||
7 Day CHG~0.00%
Published-19 Jun, 2018 | 19:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-620dir-620_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-2161
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 67.59%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 06:00
Updated-02 Aug, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Hard-coded Credentials in Kiloview NDI N series products API middleware

Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .

Action-Not Available
Vendor-Kiloviewkiloview
Product-NDIndi_n4_firmware
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-21990
Matching Score-4
Assigner-NetApp, Inc.
ShareView Details
Matching Score-4
Assigner-NetApp, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.04%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 19:35
Updated-10 Feb, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.

Action-Not Available
Vendor-NetApp, Inc.
Product-ontap_select_deploy_administration_utilityONTAP Select Deploy administration utilityclustered_data_ontap
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-21764
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 24.72%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 23:28
Updated-17 Oct, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Hard-Coded Credentials in Rapid SCADA

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port.

Action-Not Available
Vendor-rapidscadaRapid Software LLC
Product-rapid_scadaRapid SCADA
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-7241
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 67.96%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 20:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.

Action-Not Available
Vendor-
Product-140cpu65160ctsxp573634mmodicon_m340_bmxp3420302h_firmware140cpu65160_firmwaretsxh5744m_firmwaremodicon_m340_bmxp342020h_firmwaretsxh5744m140cpu65160s_firmwaretsxp571634mcmodicon_m340_bmxp3420102cltsxp574634m_firmwaremodicon_m340_bmxp3420302_firmwaretsxp575634mtsxh5724mc_firmwaretsxp57304mc140cpu65860tsxp575634mc140cpu65160modicon_m340_bmxp3420302cl_firmwaretsxh5744mc_firmwaretsxp573634mc_firmwaremodicon_m340_bmxp342020_firmwaretsxp57454m_firmwaretsxp57254m_firmwaremodicon_m340_bmxp3420102_firmwaretsxp572634mtsxp57554mc_firmwaretsxp574634mtsxh5724mtsxp57304m_firmwaretsxp571634mc_firmwaretsxp57454mcmodicon_m340_bmxp341000h140cpu65160sbmxnor0200_firmwaremodicon_m340_bmxp3420302clbmxnor0200htsxp574634mc_firmwaretsxp57154mctsxp57154m_firmwaretsxp57154mtsxp576634mtsxh5744mctsxp57204mcmodicon_m340_bmxp342020140cpu31110modicon_m340_bmxp342020htsxp57354mc_firmwaretsxp57104m140cpu65150c_firmwaretsxp57354m140cpu65150_firmwaremodicon_m340_bmxp342000_firmware140cpu65860cbmxnor0200h_firmwaretsxp57204m_firmwaretsxp57204m140cpu65260tsxp571634m_firmwaretsxp573634mc140cpu43412uc140cpu65150tsxp571634mtsxp57304mc_firmware140cpu65860_firmwarebmxnor0200modicon_m340_bmxp341000h_firmware140cpu65260ctsxp57354mc140cpu65150c140cpu43412u_firmwaretsxh5724m_firmwaremodicon_m340_bmxp342000tsxp575634m_firmwaretsxp573634m_firmwaretsxp57204mc_firmwaretsxp57104mc_firmwaremodicon_m340_bmxp341000tsxh5724mc140cpu65260c_firmwaretsxp57254mc_firmware140cpu31110_firmware140cpu31110ctsxp57304mtsxp576634mcmodicon_m340_bmxp3420302htsxp574634mcmodicon_m340_bmxp3420102cl_firmwaretsxp572634mc_firmwaretsxp57454mc_firmwaretsxp576634mc_firmwaretsxp57554mctsxp575634mc_firmware140cpu65160c_firmwaretsxp576634m_firmware140cpu65260_firmwaremodicon_m340_bmxp3420302140cpu43412uc_firmwaretsxp57454mtsxp572634mcmodicon_m340_bmxp341000_firmwaretsxp57254mtsxp57104m_firmwaretsxp572634m_firmwaretsxp57554mtsxp57254mctsxp57354m_firmwaretsxp57104mctsxp57554m_firmwaremodicon_m340_bmxp3420102140cpu31110c_firmware140cpu43412utsxp57154mc_firmware140cpu65860c_firmwareModicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-20439
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-86.52% / 99.37%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 16:28
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-04-21||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-smart_license_utilityCisco Smart License Utilitycisco_smart_license_utilitySmart Licensing Utility
CWE ID-CWE-912
Hidden Functionality
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-5399
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.4||CRITICAL
EPSS-0.21% / 42.84%
||
7 Day CHG~0.00%
Published-08 Oct, 2018 | 15:00
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running and is configured with a hard-coded credentials

The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password only authentication not cryptographic keys, however the firmware image contains an RSA host-key for the server. An attacker can exploit this vulnerability to gain root access to the Angstrom Linux operating system and modify any binaries or configuration files in the firmware. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.

Action-Not Available
Vendor-auto-maskinAuto-Maskin
Product-dcu-210erp-210e_firmwarerp-210edcu-210e_firmwareDCU-210ERP-210E
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-5723
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-38.03% / 97.11%
||
7 Day CHG~0.00%
Published-16 Jan, 2018 | 22:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.

Action-Not Available
Vendor-barnin/a
Product-master_ip_camera01_firmwaremaster_ip_camera01n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-28897
Matching Score-4
Assigner-Automotive Security Research Group (ASRG)
ShareView Details
Matching Score-4
Assigner-Automotive Security Research Group (ASRG)
CVSS Score-4||MEDIUM
EPSS-0.05% / 14.44%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 15:55
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hard-coded password for UDS services

The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

Action-Not Available
Vendor-skoda-autoJOYNEXT
Product-superb_3superb_3_firmwareMIB3 Infotainment Unit
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-22730
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.50%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 10:44
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could an attacker to gain unauthorized administrative privileges when accessing to the charging station web server.

Action-Not Available
Vendor-n/a
Product-evlink_city_evc1s22p4evlink_parking_evf2evlink_parking_evf2_firmwareevlink_parking_ev.2_firmwareevlink_parking_evw2evlink_city_evc1s22p4_firmwareevlink_city_evc1s7p4_firmwareevlink_smart_wallbox_evb1a_firmwareevlink_smart_wallbox_evb1aevlink_parking_evw2_firmwareevlink_parking_ev.2evlink_city_evc1s7p4EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-22667
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 68.40%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 16:01
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior).

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-bb-eswgp506-2sfp-t_firmwarebb-eswgp506-2sfp-tBB-ESWGP506-2SFP-T
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-22707
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-90.00% / 99.56%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 10:41
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.

Action-Not Available
Vendor-n/a
Product-evlink_city_evc1s22p4evlink_parking_evf2evlink_parking_evf2_firmwareevlink_parking_ev.2_firmwareevlink_parking_evw2evlink_city_evc1s22p4_firmwareevlink_city_evc1s7p4_firmwareevlink_smart_wallbox_evb1a_firmwareevlink_smart_wallbox_evb1aevlink_parking_evw2_firmwareevlink_parking_ev.2evlink_city_evc1s7p4EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-20955
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.04% / 76.60%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 20:10
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31.

Action-Not Available
Vendor-swannn/a
Product-swwhd-intcam-hd_firmwareswwhd-intcam-hdn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-23233
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-0.32% / 54.30%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 18:17
Updated-16 Apr, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fresenius Kabi Agilia Connect Infusion System

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters.

Action-Not Available
Vendor-fresenius-kabiFresenius Kabi
Product-link\+_agilia_firmwarevigilant_insightagilia_connect_firmwareagilia_connectvigilant_mastermedlink\+_agiliavigilant_centeriumagilia_partner_maintenance_softwareAgilia Link+
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-22644
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.44%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 14:19
Updated-17 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ovarro TBox Use of Hard-coded Cryptographic Key

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.

Action-Not Available
Vendor-ovarroOvarro
Product-tbox_ms-cpu32_firmwaretbox_ms-cpu32-s2_firmwaretbox_tg2tbox_lt2-530_firmwaretbox_lt2-532_firmwaretbox_lt2-540_firmwaretbox_rm2tbox_ms-cpu32-s2tbox_lt2-540tbox_lt2-532tbox_lt2-530tbox_ms-cpu32twinsofttbox_tg2_firmwaretbox_rm2_firmwareTBox
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-21913
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.69% / 70.87%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 14:48
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-3040_firmwaredir-3040D-Link
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-54455
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 19.42%
||
7 Day CHG+0.01%
Published-23 Jul, 2025 | 05:27
Updated-30 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-magicinfo_9_serverMagicINFO 9 Server
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-18473
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.00% / 91.09%
||
7 Day CHG~0.00%
Published-19 Mar, 2019 | 22:19
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system.

Action-Not Available
Vendor-patliten/a
Product-nhl-3fv1n_firmwarenbm-d88n_firmwarenhl-3fb1_firmwarenhl-3fv1nnbm-d88nnhl-3fb1n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-19063
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.22% / 78.30%
||
7 Day CHG~0.00%
Published-07 Nov, 2018 | 18:00
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password.

Action-Not Available
Vendor-opticamfoscamn/a
Product-i5_system_firmwarei5_application_firmwarec2i5c2_system_firmwarec2_application_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-21820
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-2.00% / 82.94%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 10:24
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-3040_firmwaredir-3040D-Link
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-54454
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 19.42%
||
7 Day CHG+0.01%
Published-23 Jul, 2025 | 05:26
Updated-30 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-magicinfo_9_serverMagicINFO 9 Server
CWE ID-CWE-798
Use of Hard-coded Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found