Total
965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27181 | 1 Konzept-ix | 1 Publixone | 2021-07-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. | |||||
| CVE-2020-24053 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | |||||
| CVE-2020-9306 | 1 Tesla | 1 Solarcity Solar Monitoring Gateway | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. | |||||
| CVE-2019-7161 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data. | |||||
| CVE-2020-6882 | 1 Zte | 6 Zxhn E8810, Zxhn E8810 Firmware, Zxhn E8820 and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13> | |||||
| CVE-2019-5106 | 1 Wago | 1 E\!cockpit | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. | |||||
| CVE-2020-25493 | 1 Oclean | 1 Oclean | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic. | |||||
| CVE-2020-26097 | 1 Planet | 4 Nvr-1615, Nvr-1615 Firmware, Nvr-915 and 1 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-12627 | 1 Calibre-web Project | 1 Calibre-web | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key. | |||||
| CVE-2019-15801 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0. | |||||
| CVE-2019-15075 | 1 Inextrix | 1 Astpp | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. | |||||
| CVE-2019-11946 | 1 Hp | 1 Intelligent Management Center | 2021-07-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-10851 | 1 Computrols | 1 Computrols Building Automation Software | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Computrols CBAS 18.0.0 has hard-coded encryption keys. | |||||
| CVE-2020-11719 | 1 Bilanc | 1 Bilanc | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key. | |||||
| CVE-2020-24056 | 1 Verint | 6 4320, 4320 Firmware, 5620ptz and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | |||||
| CVE-2020-4983 | 1 Ibm | 2 Spectrum Lsf, Spectrum Lsf Suite | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM X-Force ID: 192586. | |||||
| CVE-2021-20748 | 1 Retty | 1 Retty | 2021-07-16 | 5.0 MEDIUM | 7.5 HIGH |
| Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | |||||
| CVE-2021-33219 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts. | |||||
| CVE-2021-33218 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. | |||||
| CVE-2021-33220 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. | |||||