Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-798
Total 965 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10884 1 Tp-link 2 Ac1750, Ac1750 Firmware 2023-02-15 5.8 MEDIUM 8.8 HIGH
This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652.
CVE-2021-36224 1 Westerndigital 2 My Cloud Os, My Cloud Pr4100 2023-02-14 N/A 9.8 CRITICAL
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
CVE-2021-29728 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, Linux On Ibm Z and 5 more 2023-02-14 4.0 MEDIUM 4.9 MEDIUM
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160.
CVE-2014-0175 3 Debian, Puppet, Redhat 3 Debian Linux, Marionette Collective, Openshift 2023-02-12 7.5 HIGH 9.8 CRITICAL
mcollective has a default password set at install
CVE-2023-24155 1 Totolink 2 T8, T8 Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.
CVE-2023-24149 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.
CVE-2023-24147 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 7.5 HIGH
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.
CVE-2022-48113 1 Totolink 2 N200re-v5, N200re-v5 Firmware 2023-02-10 N/A 9.8 CRITICAL
A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials.
CVE-2022-42973 2 Microsoft, Schneider-electric 8 Windows 10, Windows 11, Windows 7 and 5 more 2023-02-08 N/A 7.8 HIGH
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CVE-2023-23132 1 Selfwealth 1 Selfwealth 2023-02-08 N/A 7.5 HIGH
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys.
CVE-2023-24022 1 Baicells 5 Nova227, Nova233, Nova243 and 2 more 2023-02-03 N/A 9.8 CRITICAL
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)
CVE-2019-15017 1 Zingbox 1 Inspector 2023-02-03 7.2 HIGH 8.4 HIGH
The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials.
CVE-2019-15015 1 Zingbox 1 Inspector 2023-02-03 7.2 HIGH 8.4 HIGH
In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system.
CVE-2019-4309 1 Ibm 1 Security Guardium Big Data Intelligence 2023-02-03 2.1 LOW 5.5 MEDIUM
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.
CVE-2022-38337 1 Mobatek 1 Mobaxterm 2023-02-03 N/A 9.1 CRITICAL
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used.
CVE-2019-15977 1 Cisco 1 Data Center Network Manager 2023-02-03 7.8 HIGH 7.5 HIGH
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2019-15976 1 Cisco 1 Data Center Network Manager 2023-02-03 10.0 HIGH 9.8 CRITICAL
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2019-15975 1 Cisco 1 Data Center Network Manager 2023-02-03 10.0 HIGH 9.8 CRITICAL
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2019-4220 1 Ibm 2 Infosphere Information Server On Cloud, Watson Knowledge Catalog 2023-02-03 2.1 LOW 5.5 MEDIUM
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.
CVE-2021-4228 1 Lannerinc 2 Iac-ast2500, Iac-ast2500 Firmware 2023-02-03 N/A 7.4 HIGH
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0.