Total: 965 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-45521 | 1 Netgear | 6 Rbk352, Rbk352 Firmware, Rbr350 and 3 more | 2022-01-05 | 3.3 LOW | 6.5 MEDIUM |
Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. | |||||
CVE-2021-45522 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2022-01-04 | 7.5 HIGH | 8.8 HIGH |
NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password. | |||||
CVE-2021-44207 | 1 Acclaimsystems | 1 Usaherds | 2022-01-04 | 6.8 MEDIUM | 8.1 HIGH |
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. | |||||
CVE-2021-41028 | 1 Fortinet | 2 Forticlient, Forticlient Endpoint Management Server | 2022-01-04 | 5.4 MEDIUM | 7.5 HIGH |
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. | |||||
CVE-2020-8657 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2022-01-01 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token. | |||||
CVE-2020-26892 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Nats-server | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. | |||||
CVE-2021-36799 | 1 Knx | 1 Engineering Tool Software 5 | 2021-12-15 | 2.1 LOW | 8.8 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-7515 | 1 Schneider-electric | 1 Easergy Builder | 2021-12-10 | 2.1 LOW | 7.8 HIGH |
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password. | |||||
CVE-2021-26108 | 1 Fortinet | 1 Fortios | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering. | |||||
CVE-2021-43282 | 1 Govicture | 2 Wr1200, Wr1200 Firmware | 2021-12-03 | 3.3 LOW | 6.5 MEDIUM |
An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key. | |||||
CVE-2021-43284 | 1 Govicture | 2 Wr1200, Wr1200 Firmware | 2021-12-03 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface). | |||||
CVE-2020-13414 | 1 Aviatrix | 2 Controller, Gateway | 2021-11-30 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | |||||
CVE-2021-26611 | 1 Hej | 2 Hejhome Gkw-ic052, Hejhome Gkw-ic052 Firmware | 2021-11-29 | 7.5 HIGH | 9.8 CRITICAL |
HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera (reboot, factory reset, snapshot, etc.). | |||||
CVE-2021-43575 | 1 Knx | 1 Engineering Tool Software 6 | 2021-11-15 | 2.1 LOW | 5.5 MEDIUM |
** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported. | |||||
CVE-2021-40519 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2021-11-12 | 6.4 MEDIUM | 10.0 CRITICAL |
Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials. | |||||
CVE-2021-40119 | 1 Cisco | 1 Policy Suite | 2021-11-12 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user. | |||||
CVE-2020-14510 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2021-11-04 | 10.0 HIGH | 9.8 CRITICAL |
In GateManager versions prior to 9.2c, the affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. | |||||
CVE-2021-41320 | 1 Iongroup | 1 Wallstreet Suite | 2021-10-21 | 2.1 LOW | 5.5 MEDIUM |
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. | |||||
CVE-2021-33583 | 1 Reiner-sct | 1 Timecard | 2021-10-12 | 10.0 HIGH | 9.8 CRITICAL |
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file. | |||||
CVE-2021-41299 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 10.0 HIGH | 9.8 CRITICAL |
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in. | |||||