Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-38902

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 Jun, 2024 | 00:00
Updated At-13 Mar, 2025 | 15:04
Rejected At-
Credits

H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 Jun, 2024 | 00:00
Updated At:13 Mar, 2025 | 15:04
Rejected At:
▼CVE Numbering Authority (CNA)

H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/hardcode/README.md
N/A
Hyperlink: https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/hardcode/README.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
New H3C Technologies Co., Ltd.h3c
Product
magic_r230
CPEs
  • cpe:2.3:h:h3c:magic_r230:v100r002:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • v100r002
Problem Types
TypeCWE IDDescription
CWECWE-259CWE-259 Use of Hard-coded Password
Type: CWE
CWE ID: CWE-259
Description: CWE-259 Use of Hard-coded Password
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/hardcode/README.md
x_transferred
Hyperlink: https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/hardcode/README.md
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:24 Jun, 2024 | 21:15
Updated At:27 May, 2025 | 16:21

H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
New H3C Technologies Co., Ltd.
h3c
>>magic_r230_firmware>>100r002
cpe:2.3:o:h3c:magic_r230_firmware:100r002:*:*:*:*:*:*:*
New H3C Technologies Co., Ltd.
h3c
>>magic_r230>>-
cpe:2.3:h:h3c:magic_r230:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-259Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-259
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/hardcode/README.mdcve@mitre.org
Exploit
Third Party Advisory
https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/hardcode/README.mdaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/hardcode/README.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/hardcode/README.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

121Records found
CVE-2022-30923
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:24
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30912
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30916
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30925
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:24
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30921
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:24
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30926
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:24
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30910
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30920
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:24
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30914
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30915
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30918
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30913
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30922
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:24
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30917
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37098
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG-0.06%
Published-25 Aug, 2022 | 14:04
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateIpv6Params.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-h200_firmwareh200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37097
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG-0.06%
Published-25 Aug, 2022 | 14:04
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPInfoById.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-h200_firmwareh200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34609
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.30%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 13:41
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /doping.asp.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaremagic_r200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34600
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 13:41
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaremagic_r200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34610
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.30%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 13:41
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the URL /ihomers/app.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaremagic_r200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37073
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG-0.06%
Published-25 Aug, 2022 | 14:00
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanModeMulti.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-gr-1200w_firmwaregr-1200wn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30919
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30909
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-57479
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 40.35%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 00:00
Updated-27 May, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-n12n12_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-37094
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG-0.06%
Published-25 Aug, 2022 | 14:04
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-h200_firmwareh200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37088
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG+0.24%
Published-25 Aug, 2022 | 14:03
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAP5GWifiById.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-h200_firmwareh200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37072
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG-0.06%
Published-25 Aug, 2022 | 14:00
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanLinkspyMulti.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-gr-1200w_firmwaregr-1200wn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37095
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG-0.06%
Published-25 Aug, 2022 | 14:04
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateWanParams.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-h200_firmwareh200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30924
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:24
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34601
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 13:41
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaremagic_r200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34599
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 13:41
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaremagic_r200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4708
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.21% / 43.39%
||
7 Day CHG-0.08%
Published-02 Jul, 2024 | 23:06
Updated-29 Aug, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mySCADA myPRO Use of Hard-coded Password

mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.

Action-Not Available
Vendor-myscadamySCADAmyscada
Product-mypromyPROmypro
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-2645
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.8||CRITICAL
EPSS-5.62% / 89.97%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 07:00
Updated-02 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
USR USR-G806 Web Management Page hard-coded password

A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-usrUSR
Product-usr-g806usr-g806_firmwareUSR-G806
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2020-12045
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.00%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 13:43
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded credentials.

Action-Not Available
Vendor-n/aBaxter International, Inc.
Product-sigma_spectrum_infusion_system_firmwaresigma_spectrum_infusion_systemwireless_battery_moduleBaxter Sigma Spectrum Infusion Pumps
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-12047
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.00%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 13:41
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials.

Action-Not Available
Vendor-n/aBaxter International, Inc.
Product-sigma_spectrum_infusion_system_firmwaresigma_spectrum_infusion_systemwireless_battery_moduleBaxter Sigma Spectrum Infusion Pumps
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-43423
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.17% / 39.06%
||
7 Day CHG~0.00%
Published-24 Sep, 2024 | 23:47
Updated-01 Oct, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Use of Hard-coded Password

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.

Action-Not Available
Vendor-doverfuelingsolutionsDover Fueling Solutions (DFS)doverfuelingsolutions
Product-progauge_maglink_lx4_consoleprogauge_maglink_lx_console_firmwareprogauge_maglink_lx_consoleprogauge_maglink_lx4_console_firmwareProGauge MAGLINK LX CONSOLEProGauge MAGLINK LX4 CONSOLEmaglink_lx4_consolemaglink_lx_console
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-38456
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.80%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 13:37
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moxa MXview Network Management Software

A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords

Action-Not Available
Vendor-Moxa Inc.
Product-mxviewMXview Network Management Software
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-41616
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.82% / 73.37%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 00:00
Updated-07 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-300_firmwaredir-300n/adir-300_firmware
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-36526
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.42%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 00:00
Updated-17 Jun, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key.

Action-Not Available
Vendor-n/aZKTeco Co., Ltd.
Product-zkbio_cvsecurityn/azkbio_cvsecurity
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2021-32521
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.3||HIGH
EPSS-0.22% / 44.53%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 14:12
Updated-16 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QSAN Storage Manager, XEVO, SANOS - Use of Hard-coded Password

Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

Action-Not Available
Vendor-qsanQSAN
Product-sanosxevostorage_managerXEVOStorage ManagerSANOS
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-34025
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 3.74%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 19:17
Updated-04 Aug, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel business Use of Hard-coded Password

CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-powerpanelPowerPanel businesspowerpanel_business
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2024-33625
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 5.33%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 19:19
Updated-04 Aug, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel business Use of Hard-coded Password

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-powerpanelPowerPanel businesspowerpanel_business
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2024-31810
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.84%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 19:58
Updated-29 Mar, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n/aex200
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2021-27440
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.08%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 19:28
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).

Action-Not Available
Vendor-gen/a
Product-reason_dr60reason_dr60_firmwareReason DR60
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-28010
Matching Score-4
Assigner-NEC Corporation
ShareView Details
Matching Score-4
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 45.12%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:54
Updated-14 Jan, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.

Action-Not Available
Vendor-NEC Corporation
Product-WR6600HWM3500RW300PWR8300NWR1200HWR6670SWG600HPWF1200HP2WM3400RNWM3800RWR9300NWR8166NWG1800HP4WG2200HPWR8165NWG1200HS3WR6650SWM3450RNWG1200HSWF300HP2WG1200HP3WG1900HP2WF800HPWR8400NWR9500NWR8100NWF1200HPWR8160NWR7800HWR8500NWG1810HP(JE)WG1810HP(MF)WR4500NWR8200NWR8170NWG1800HP2CR2500PWR8600NWG1800HPWG1200HPWF300HPWM3600RWG1900HPWR8150NWG1200HS2WR4100NWG1400HPWR8370NWR8750NWR8175NWR7870SWG1800HP3WG1200HP2WR7850SMR01LNWG300HPMR02LNWR8700NW1200EX(-MS)aterm_wg1800hp4_firmware
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2024-25825
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.63%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 00:00
Updated-11 Oct, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password.

Action-Not Available
Vendor-n/afydeos
Product-n/aopenfydefydeos
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2024-21990
Matching Score-4
Assigner-NetApp, Inc.
ShareView Details
Matching Score-4
Assigner-NetApp, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.04%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 19:35
Updated-10 Feb, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.

Action-Not Available
Vendor-NetApp, Inc.
Product-ontap_select_deploy_administration_utilityONTAP Select Deploy administration utilityclustered_data_ontap
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-22729
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.49%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 10:44
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized administrative privileges when accessing to the charging station web server.

Action-Not Available
Vendor-n/a
Product-evlink_city_evc1s22p4evlink_parking_evf2evlink_parking_evf2_firmwareevlink_parking_ev.2_firmwareevlink_parking_evw2evlink_city_evc1s22p4_firmwareevlink_city_evc1s7p4_firmwareevlink_smart_wallbox_evb1a_firmwareevlink_smart_wallbox_evb1aevlink_parking_evw2_firmwareevlink_parking_ev.2evlink_city_evc1s7p4EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2023-41030
Matching Score-4
Assigner-Exodus Intelligence
ShareView Details
Matching Score-4
Assigner-Exodus Intelligence
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-18 Sep, 2023 | 18:22
Updated-25 Sep, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Juplink RX4-1500 Hard-coded Credential Vulnerability

Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.

Action-Not Available
Vendor-juplinkJuplink
Product-rx4-1500_firmwarerx4-1500RX4-1500
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-5222
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-90.66% / 99.60%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 13:31
Updated-02 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password

A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-viessmannViessmann
Product-vitogate_300vitogate_300_firmwareVitogate 300
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2023-50948
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.88%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 01:43
Updated-03 Jun, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Fusion HCI information disclosure

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.

Action-Not Available
Vendor-IBM Corporation
Product-storage_fusion_hciStorage Fusion HCI
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found