Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-798
Total 965 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29889 1 Goabode 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware 2022-10-26 N/A 9.8 CRITICAL
A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability.
CVE-2022-32965 1 Omicard Edm Project 1 Omicard Edm 2022-10-25 N/A 9.8 CRITICAL
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.
CVE-2022-25521 1 Nuuo 1 Network Video Recorder Firmware 2022-10-25 10.0 HIGH 9.8 CRITICAL
NUUO v03.11.00 was discovered to contain access control issue.
CVE-2022-38117 1 Juiker 1 Juiker 2022-10-25 N/A 6.1 MEDIUM
Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it.
CVE-2021-40422 1 Swiftsensors 2 Sg3-1010, Sg3-1010 Firmware 2022-10-24 10.0 HIGH 10.0 CRITICAL
An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2021-40390 1 Moxa 1 Mxview 2022-10-24 7.5 HIGH 9.8 CRITICAL
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-34757 1 Cisco 32 Business 220-16p-2g, Business 220-16p-2g Firmware, Business 220-16t-2g and 29 more 2022-10-24 3.6 LOW 5.5 MEDIUM
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-34744 1 Cisco 32 Business 220-16p-2g, Business 220-16p-2g Firmware, Business 220-16t-2g and 29 more 2022-10-24 4.0 MEDIUM 4.9 MEDIUM
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2020-25193 1 Ge 6 Rt430, Rt430 Firmware, Rt431 and 3 more 2022-10-21 5.0 MEDIUM 5.3 MEDIUM
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.
CVE-2022-41540 1 Tp-link 2 Ax10, Ax10 Firmware 2022-10-20 N/A 5.9 MEDIUM
The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information.
CVE-2022-42980 1 Go-admin 1 Go-admin 2022-10-20 N/A 9.8 CRITICAL
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
CVE-2022-38420 1 Adobe 1 Coldfusion 2022-10-19 N/A 7.5 HIGH
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction.
CVE-2020-12501 2 Korenix, Pepperl-fuchs 52 Jetnet4510, Jetnet4510 Firmware, Jetnet4706 and 49 more 2022-10-19 7.5 HIGH 9.8 CRITICAL
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
CVE-2019-6812 1 Schneider-electric 2 Bmx-nor-0200h, Bmx-nor-0200h Firmware 2022-10-13 4.0 MEDIUM 7.2 HIGH
A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol.
CVE-2019-7672 1 Primasystems 1 Flexair 2022-10-13 6.5 MEDIUM 8.8 HIGH
Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges.
CVE-2019-7261 1 Nortekcontrol 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more 2022-10-13 10.0 HIGH 9.8 CRITICAL
Linear eMerge E3-Series devices have Hard-coded Credentials.
CVE-2022-1701 1 Sonicwall 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more 2022-10-13 5.0 MEDIUM 7.5 HIGH
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.
CVE-2019-7265 1 Nortekcontrol 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more 2022-10-13 10.0 HIGH 9.8 CRITICAL
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).
CVE-2022-34425 1 Dell 1 Enterprise Sonic Distribution 2022-10-13 N/A 7.5 HIGH
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.
CVE-2018-17771 1 Ingenico 2 Telium 2, Telium 2 Firmware 2022-10-07 7.2 HIGH 6.6 MEDIUM
Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.