Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-48067

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Jan, 2023 | 00:00
Updated At-28 Mar, 2025 | 16:03
Rejected At-
Credits

An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Jan, 2023 | 00:00
Updated At:28 Mar, 2025 | 16:03
Rejected At:
▼CVE Numbering Authority (CNA)

An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://befitting-vinca-933.notion.site/Totolink-A830R-V4-1-2cu-5182-Sensitive-Information-Disclosure-567f4a17d5cc401b97e5c3e61aae8ca0
N/A
Hyperlink: https://befitting-vinca-933.notion.site/Totolink-A830R-V4-1-2cu-5182-Sensitive-Information-Disclosure-567f4a17d5cc401b97e5c3e61aae8ca0
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://befitting-vinca-933.notion.site/Totolink-A830R-V4-1-2cu-5182-Sensitive-Information-Disclosure-567f4a17d5cc401b97e5c3e61aae8ca0
x_transferred
Hyperlink: https://befitting-vinca-933.notion.site/Totolink-A830R-V4-1-2cu-5182-Sensitive-Information-Disclosure-567f4a17d5cc401b97e5c3e61aae8ca0
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-798CWE-798 Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-798
Description: CWE-798 Use of Hard-coded Credentials
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Jan, 2023 | 15:15
Updated At:28 Mar, 2025 | 16:15

An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
TOTOLINK
totolink
>>a830r_firmware>>4.1.2cu.5182
cpe:2.3:o:totolink:a830r_firmware:4.1.2cu.5182:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a830r>>-
cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-798Primarynvd@nist.gov
CWE-798Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-798
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-798
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://befitting-vinca-933.notion.site/Totolink-A830R-V4-1-2cu-5182-Sensitive-Information-Disclosure-567f4a17d5cc401b97e5c3e61aae8ca0cve@mitre.org
Exploit
Third Party Advisory
https://befitting-vinca-933.notion.site/Totolink-A830R-V4-1-2cu-5182-Sensitive-Information-Disclosure-567f4a17d5cc401b97e5c3e61aae8ca0af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://befitting-vinca-933.notion.site/Totolink-A830R-V4-1-2cu-5182-Sensitive-Information-Disclosure-567f4a17d5cc401b97e5c3e61aae8ca0
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://befitting-vinca-933.notion.site/Totolink-A830R-V4-1-2cu-5182-Sensitive-Information-Disclosure-567f4a17d5cc401b97e5c3e61aae8ca0
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2024-1661
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-2.5||LOW
EPSS-0.05% / 14.36%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 12:30
Updated-28 Aug, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink X6000R shadow hard-coded credentials

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-x6000r_firmwareX6000Rx6000r_firmware
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-2790
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-0.03% / 5.24%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 12:31
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK N200RE Telnet Service custom.conf password in configuration file

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-n200re_firmwaren200reN200RE
CWE ID-CWE-260
Password in Configuration File
CVE-2020-27368
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.82%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 15:57
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a702ra702r_firmwaren/a
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-24324
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.33%
||
7 Day CHG~0.00%
Published-30 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a8000ru_firmwarea8000run/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-48113
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.66%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n200re-v5n200re-v5_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-8162
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.28% / 51.32%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 13:00
Updated-27 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T10 AC1200 Telnet Service product.ini hard-coded credentials

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t10_firmwaret10T10 AC1200t10_v2_firmware
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-7332
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-69.01% / 98.57%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 00:31
Updated-09 Aug, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK CP450 Telnet Service product.ini hard-coded password

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-cp450_firmwarecp450CP450cp450_firmware
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36612
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.09%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a950rga950rg_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-7155
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-2||LOW
EPSS-0.04% / 10.35%
||
7 Day CHG~0.00%
Published-28 Jul, 2024 | 10:00
Updated-08 Aug, 2024 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A3300R shadow.sample hard-coded password

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-a3300ra3300r_firmwareA3300Ra3300r
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-7170
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 26.30%
||
7 Day CHG~0.00%
Published-28 Jul, 2024 | 22:00
Updated-08 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A3000RU product.ini hard-coded password

A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-a3000ru_firmwarea3000ruA3000RUa3000ru_firmware
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-35491
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 60.15%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 16:25
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002rua3002ru_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-34993
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.30%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 18:59
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3600r_firmwarea3600rn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-29644
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.21%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 11:50
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3100ra3100r_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-24149
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.33%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-29645
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.21%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 11:50
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3100ra3100r_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-46008
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.45%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 22:20
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3100ra3100r_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36613
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.09%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n600r_firmwaren600rn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-42892
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.89%
||
7 Day CHG~0.00%
Published-03 Jun, 2022 | 16:53
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ex1200t_firmwareex1200tn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-24155
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.33%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.

Action-Not Available
Vendor-n/aTOTOLINK
Product-t8_firmwaret8n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-24147
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.27%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-40111
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.09%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 16:53
Updated-03 Aug, 2024 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002ra3002r_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-38823
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.78%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 14:23
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-t6t6_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-37841
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.01%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 16:39
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a860r_firmwarea860rn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36610
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.09%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a720ra720r_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36616
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.09%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a810ra810r_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36614
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.09%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a860r_firmwarea860rn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36611
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.09%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a800r_firmwarea800rn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-36782
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.37%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 20:09
Updated-30 May, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

Action-Not Available
Vendor-n/aTOTOLINK
Product-cp300_firmwarecp300n/acp300\+
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-35396
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 32.67%
||
7 Day CHG~0.00%
Published-24 May, 2024 | 15:54
Updated-03 Apr, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.

Action-Not Available
Vendor-n/aTOTOLINK
Product-cp900l_firmwarecp900ln/acp900
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-34219
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-0.37% / 57.92%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 14:07
Updated-04 Apr, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.

Action-Not Available
Vendor-n/aTOTOLINK
Product-cp450cp450_firmwaren/acp450_firmware
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36615
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.09%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3000ru_firmwarea3000run/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-21426
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.41%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-28989
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.44%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 07:13
Updated-25 Feb, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SolarWinds Web Help Desk Cryptographic Key Management Vulnerability

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-web_help_deskWeb Help Desk
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-23453
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.31%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 23:12
Updated-04 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.

Action-Not Available
Vendor-spooncastSpoon Radio Japan Inc.
Product-spoonAndroid Spoon application
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-44296
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.52%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 07:46
Updated-01 Nov, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.

Action-Not Available
Vendor-Dell Inc.
Product-e-lab_navigatorMobility - E-Lab Navigator
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-26579
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.25%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 17:27
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys.

Action-Not Available
Vendor-n/aHewlett Packard Enterprise (HPE)
Product-unified_data_managementHPE Unified Data Management (UDM)
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-44612
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.86%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-04 Oct, 2024 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-unisonIntel(R) Unison(TM) software
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-35763
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.93%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 17:23
Updated-21 Oct, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Iagona ScrutisWeb Use of Hard-coded Cryptographic Key

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext.

Action-Not Available
Vendor-iagonaiagona
Product-scrutiswebScrutisWeb
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-34386
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.38%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:11
Updated-26 Mar, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist Client Consumer
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-6857
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.70%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 16:29
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.

Action-Not Available
Vendor-taskautomationn/a
Product-carbonftpn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-28387
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.86%
||
7 Day CHG~0.00%
Published-30 Jun, 2023 | 06:22
Updated-04 Dec, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service.

Action-Not Available
Vendor-uzabaseNewsPicks, Inc.
Product-newspicks"NewsPicks" App for iOS"NewsPicks" App for Android
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-29964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.34%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:14
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350.

Action-Not Available
Vendor-emersonn/a
Product-se4037p0_h1_i\/o_interface_card_and_terminl_blockse4052s1t2b6_high_side_40-pin_mass_i\/o_terminal_blockse4801t0x_redundant_wireless_i\/o_cardve4104_ethernet\/ip_control_tag_integration_for_ethernet_connected_i\/o_\(eioc\)se4039p0_redundant_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmwarese4037p1_redundant_h1_i\/o_card_with_integrated_power_and_terminal_block_firmwarese4100_simplex_ethernet_i\/o_card_\(eioc\)_assemblyse4003s2b524-pin_mass_i\/o_terminal_block_firmwarese4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmwarese4027_virtual_i\/o_module_2se4101_simplex_ethernet_i\/o_card_\(eioc\)_assemblydeltav_distributed_control_system_sx_controller_firmwaredeltav_distributed_control_system_sx_controllerve4103_modbus_tcp_interface_for_ethernet_connected_i\/o_\(eioc\)se4017p1_h1_i\/o_card_with_integrated_powerse4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblockve4107_iec_61850_mms_interface_for_ethernet_connected_i\/o_\(eioc\)se4017p1_h1_i\/o_card_with_integrated_power_firmwarese4101_simplex_ethernet_i\/o_card_\(eioc\)_assembly_firmwareve4104_ethernet\/ip_control_tag_integration_for_ethernet_connected_i\/o_\(eioc\)_firmwareve4105_ethernet\/ip_interface_for_ethernet_connected_i\/o_\(eioc\)_firmwarese4017p0_h1_i\/o_interface_card_and_terminl_block_firmwareve4103_modbus_tcp_interface_for_ethernet_connected_i\/o_\(eioc\)_firmwarese4003s2b524-pin_mass_i\/o_terminal_blockse4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmwarese4082s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_blockdeltav_distributed_control_system_sq_controllerse4801t0x_redundant_wireless_i\/o_card_firmwarese4032s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_blockse4003s2b4_16-pin_mass_i\/o_terminal_blockse4039p0_redundant_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblockve4106_opc-ua_client_for_ethernet_connected_i\/o_\(eioc\)_firmwarese4100_simplex_ethernet_i\/o_card_\(eioc\)_assembly_firmwarese4032s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block_firmwarese4037p0_h1_i\/o_interface_card_and_terminl_block_firmwareve4107_iec_61850_mms_interface_for_ethernet_connected_i\/o_\(eioc\)_firmwarese4027_virtual_i\/o_module_2_firmwarese4026_virtual_i\/o_module_2se4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_blockve4105_ethernet\/ip_interface_for_ethernet_connected_i\/o_\(eioc\)se4026_virtual_i\/o_module_2_firmwarese4052s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmwaredeltav_distributed_control_system_sq_controller_firmwareve4106_opc-ua_client_for_ethernet_connected_i\/o_\(eioc\)se4082s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block_firmwarese4003s2b4_16-pin_mass_i\/o_terminal_block_firmwarese4037p1_redundant_h1_i\/o_card_with_integrated_power_and_terminal_blockse4017p0_h1_i\/o_interface_card_and_terminl_blockn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-29963
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.34%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:14
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.

Action-Not Available
Vendor-emersonn/a
Product-se4037p0_h1_i\/o_interface_card_and_terminl_blockse4052s1t2b6_high_side_40-pin_mass_i\/o_terminal_blockse4801t0x_redundant_wireless_i\/o_cardve4104_ethernet\/ip_control_tag_integration_for_ethernet_connected_i\/o_\(eioc\)se4039p0_redundant_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmwarese4037p1_redundant_h1_i\/o_card_with_integrated_power_and_terminal_block_firmwarese4100_simplex_ethernet_i\/o_card_\(eioc\)_assemblyse4003s2b524-pin_mass_i\/o_terminal_block_firmwarese4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmwarese4027_virtual_i\/o_module_2se4101_simplex_ethernet_i\/o_card_\(eioc\)_assemblydeltav_distributed_control_system_sx_controller_firmwaredeltav_distributed_control_system_sx_controllerve4103_modbus_tcp_interface_for_ethernet_connected_i\/o_\(eioc\)se4017p1_h1_i\/o_card_with_integrated_powerse4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblockve4107_iec_61850_mms_interface_for_ethernet_connected_i\/o_\(eioc\)se4017p1_h1_i\/o_card_with_integrated_power_firmwarese4101_simplex_ethernet_i\/o_card_\(eioc\)_assembly_firmwareve4104_ethernet\/ip_control_tag_integration_for_ethernet_connected_i\/o_\(eioc\)_firmwareve4105_ethernet\/ip_interface_for_ethernet_connected_i\/o_\(eioc\)_firmwarese4017p0_h1_i\/o_interface_card_and_terminl_block_firmwareve4103_modbus_tcp_interface_for_ethernet_connected_i\/o_\(eioc\)_firmwarese4003s2b524-pin_mass_i\/o_terminal_blockse4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmwarese4082s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_blockdeltav_distributed_control_system_sq_controllerse4801t0x_redundant_wireless_i\/o_card_firmwarese4032s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_blockse4003s2b4_16-pin_mass_i\/o_terminal_blockse4039p0_redundant_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblockve4106_opc-ua_client_for_ethernet_connected_i\/o_\(eioc\)_firmwarese4100_simplex_ethernet_i\/o_card_\(eioc\)_assembly_firmwarese4032s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block_firmwarese4037p0_h1_i\/o_interface_card_and_terminl_block_firmwareve4107_iec_61850_mms_interface_for_ethernet_connected_i\/o_\(eioc\)_firmwarese4027_virtual_i\/o_module_2_firmwarese4026_virtual_i\/o_module_2se4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_blockve4105_ethernet\/ip_interface_for_ethernet_connected_i\/o_\(eioc\)se4026_virtual_i\/o_module_2_firmwarese4052s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmwaredeltav_distributed_control_system_sq_controller_firmwareve4106_opc-ua_client_for_ethernet_connected_i\/o_\(eioc\)se4082s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block_firmwarese4003s2b4_16-pin_mass_i\/o_terminal_block_firmwarese4037p1_redundant_h1_i\/o_card_with_integrated_power_and_terminal_blockse4017p0_h1_i\/o_interface_card_and_terminl_blockn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-29960
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.63%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:14
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities.

Action-Not Available
Vendor-emersonn/a
Product-openbsin/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-29962
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.34%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:14
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.

Action-Not Available
Vendor-emersonn/a
Product-se4037p0_h1_i\/o_interface_card_and_terminl_blockse4052s1t2b6_high_side_40-pin_mass_i\/o_terminal_blockse4801t0x_redundant_wireless_i\/o_cardve4104_ethernet\/ip_control_tag_integration_for_ethernet_connected_i\/o_\(eioc\)se4039p0_redundant_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmwarese4037p1_redundant_h1_i\/o_card_with_integrated_power_and_terminal_block_firmwarese4100_simplex_ethernet_i\/o_card_\(eioc\)_assemblyse4003s2b524-pin_mass_i\/o_terminal_block_firmwarese4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmwarese4027_virtual_i\/o_module_2se4101_simplex_ethernet_i\/o_card_\(eioc\)_assemblydeltav_distributed_control_system_sx_controller_firmwaredeltav_distributed_control_system_sx_controllerve4103_modbus_tcp_interface_for_ethernet_connected_i\/o_\(eioc\)se4017p1_h1_i\/o_card_with_integrated_powerse4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblockve4107_iec_61850_mms_interface_for_ethernet_connected_i\/o_\(eioc\)se4017p1_h1_i\/o_card_with_integrated_power_firmwarese4101_simplex_ethernet_i\/o_card_\(eioc\)_assembly_firmwareve4104_ethernet\/ip_control_tag_integration_for_ethernet_connected_i\/o_\(eioc\)_firmwareve4105_ethernet\/ip_interface_for_ethernet_connected_i\/o_\(eioc\)_firmwarese4017p0_h1_i\/o_interface_card_and_terminl_block_firmwareve4103_modbus_tcp_interface_for_ethernet_connected_i\/o_\(eioc\)_firmwarese4003s2b524-pin_mass_i\/o_terminal_blockse4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmwarese4082s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_blockdeltav_distributed_control_system_sq_controllerse4801t0x_redundant_wireless_i\/o_card_firmwarese4032s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_blockse4003s2b4_16-pin_mass_i\/o_terminal_blockse4039p0_redundant_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblockve4106_opc-ua_client_for_ethernet_connected_i\/o_\(eioc\)_firmwarese4100_simplex_ethernet_i\/o_card_\(eioc\)_assembly_firmwarese4032s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block_firmwarese4037p0_h1_i\/o_interface_card_and_terminl_block_firmwareve4107_iec_61850_mms_interface_for_ethernet_connected_i\/o_\(eioc\)_firmwarese4027_virtual_i\/o_module_2_firmwarese4026_virtual_i\/o_module_2se4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_blockve4105_ethernet\/ip_interface_for_ethernet_connected_i\/o_\(eioc\)se4026_virtual_i\/o_module_2_firmwarese4052s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmwaredeltav_distributed_control_system_sq_controller_firmwareve4106_opc-ua_client_for_ethernet_connected_i\/o_\(eioc\)se4082s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block_firmwarese4003s2b4_16-pin_mass_i\/o_terminal_block_firmwarese4037p1_redundant_h1_i\/o_card_with_integrated_power_and_terminal_blockse4017p0_h1_i\/o_interface_card_and_terminl_blockn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-50974
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.02%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 00:00
Updated-17 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.

Action-Not Available
Vendor-appwriten/a
Product-command_line_interfacen/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-25807
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.52%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 00:45
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key.

Action-Not Available
Vendor-igeln/a
Product-universal_management_suiten/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-40719
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-4.1||MEDIUM
EPSS-0.04% / 12.82%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:08
Updated-30 Aug, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzerfortimanagerFortiManagerFortiAnalyzer
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-43575
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.47%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 22:45
Updated-04 Aug, 2024 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported

Action-Not Available
Vendor-knxn/a
Product-engineering_tool_software_6n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-25231
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.80%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 21:05
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files.

Action-Not Available
Vendor-Siemens AG
Product-logo\!_soft_comfortlogo\!_8_bmlogo\!_8_bm_firmwareLOGO! 8 BM (incl. SIPLUS variants)LOGO! Soft Comfort
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
Details not found