Total: 965 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-32967 | 1 Realtek | 4 Rtl8111ep-cg, Rtl8111ep-cg Firmware, Rtl8111fp-cg and 1 more | 2022-11-29 | N/A | 2.1 LOW |
RTL8111EP-CG/RTL8111FP-CG DASH function has a hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during a system reboot triggered by another user to acquire partial system information such as serial number and server information. | |||||
CVE-2021-43044 | 1 Kaseya | 1 Unitrends Backup | 2022-11-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community. | |||||
CVE-2022-29825 | 1 Mitsubishielectric | 1 Gx Works3 | 2022-11-28 | N/A | 7.5 HIGH |
Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 all versions allows an unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. | |||||
CVE-2022-29828 | 1 Mitsubishielectric | 1 Gx Works3 | 2022-11-28 | N/A | 7.5 HIGH |
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. | |||||
CVE-2022-29829 | 1 Mitsubishielectric | 1 Gx Works3 | 2022-11-28 | N/A | 7.5 HIGH |
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. | |||||
CVE-2022-29830 | 1 Mitsubishielectric | 1 Gx Works3 | 2022-11-28 | N/A | 9.1 CRITICAL |
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthorized users may obtain information about project files illegally. | |||||
CVE-2022-29831 | 1 Mitsubishielectric | 1 Gx Works3 | 2022-11-28 | N/A | 7.5 HIGH |
Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to obtain information about the project file for MELSEC safety CPU modules. | |||||
CVE-2022-29827 | 1 Mitsubishielectric | 1 Gx Works3 | 2022-11-28 | N/A | 7.5 HIGH |
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. | |||||
CVE-2022-40602 | 1 Zyxel | 2 Lte3301-m209, Lte3301-m209 Firmware | 2022-11-25 | N/A | 9.8 CRITICAL |
A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. | |||||
CVE-2018-20432 | 1 Dlink | 4 Covr-2600r, Covr-2600r Firmware, Covr-3902 and 1 more | 2022-11-16 | 10.0 HIGH | 9.8 CRITICAL |
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. | |||||
CVE-2021-34577 | 1 Kadenvodomery | 2 Picoflux Air, Picoflux Air Firmware | 2022-11-15 | N/A | 6.5 MEDIUM |
In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. | |||||
CVE-2022-37710 | 1 Pattersondental | 1 Eaglesoft | 2022-11-08 | N/A | 7.8 HIGH |
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file. | |||||
CVE-2022-20868 | 1 Cisco | 4 Asyncos, Secure Email And Web Manager, Secure Email Gateway and 1 more | 2022-11-08 | N/A | 8.8 HIGH |
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain API calls. An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. | |||||
CVE-2022-40263 | 1 Bd | 2 Totalys Multiprocessor, Totalys Multiprocessor Firmware | 2022-11-07 | N/A | 7.8 HIGH |
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability. | |||||
CVE-2020-13963 | 1 Soplanning | 1 Soplanning | 2022-11-04 | 7.5 HIGH | 9.8 CRITICAL |
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account). | |||||
CVE-2022-42176 | 1 Pctechsoft | 1 Pcsecure | 2022-11-04 | N/A | 7.8 HIGH |
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. | |||||
CVE-2020-15326 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-10-27 | N/A | 5.3 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | |||||
CVE-2020-15327 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-10-27 | N/A | 7.5 HIGH |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. | |||||
CVE-2021-38461 | 1 Auvesy | 1 Versiondog | 2022-10-27 | 6.4 MEDIUM | 8.2 HIGH |
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries. | |||||
CVE-2022-29477 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2022-10-26 | N/A | 9.8 CRITICAL |
An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. |