Total
965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27440 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2022-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | |||||
| CVE-2018-17767 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2022-10-07 | 7.2 HIGH | 6.8 MEDIUM |
| Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
| CVE-2020-9289 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. | |||||
| CVE-2022-20844 | 1 Cisco | 1 Sd-wan | 2022-10-05 | N/A | 5.3 MEDIUM |
| A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. | |||||
| CVE-2022-36159 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2022-10-03 | N/A | 8.8 HIGH |
| Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware. | |||||
| CVE-2022-35413 | 1 Pentasecurity | 1 Wapples | 2022-09-30 | N/A | 9.8 CRITICAL |
| WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001. | |||||
| CVE-2022-28812 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2022-09-29 | N/A | 9.8 CRITICAL |
| In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device. | |||||
| CVE-2022-22522 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2022-09-29 | N/A | 9.8 CRITICAL |
| In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device. | |||||
| CVE-2021-34565 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2022-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. | |||||
| CVE-2006-7142 | 1 Utimaco Safeware | 1 Safeguard Easy | 2022-09-22 | 4.1 MEDIUM | N/A |
| The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive. | |||||
| CVE-2022-3214 | 1 Deltaww | 1 Diaenergie | 2022-09-21 | N/A | 9.8 CRITICAL |
| Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Version 1.8.0 and prior have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. | |||||
| CVE-2021-0266 | 1 Juniper | 2 Csrx, Junos | 2022-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2. | |||||
| CVE-2022-38823 | 1 Totolink | 2 T6, T6 Firmware | 2022-09-16 | N/A | 9.8 CRITICAL |
| In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. | |||||
| CVE-2022-31322 | 1 Pentasecurity | 1 Wapples | 2022-09-16 | N/A | 7.8 HIGH |
| Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables. | |||||
| CVE-2022-38069 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2022-09-14 | N/A | 6.1 MEDIUM |
| Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters | |||||
| CVE-2022-37857 | 1 Hauk Project | 1 Hauk | 2022-09-14 | N/A | 7.5 HIGH |
| bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default. | |||||
| CVE-2022-38394 | 1 Allied-telesis | 2 Centrecom Ar260s, Centrecom Ar260s Firmware | 2022-09-13 | N/A | 9.8 CRITICAL |
| Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command. | |||||
| CVE-2022-40111 | 1 Totolink | 2 A3002r, A3002r Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
| In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware. | |||||
| CVE-2022-36672 | 1 Novel-plus Project | 1 Novel-plus | 2022-09-09 | N/A | 9.8 CRITICAL |
| Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session. | |||||
| CVE-2022-37841 | 1 Totolink | 2 A860r, A860r Firmware | 2022-09-08 | N/A | 7.5 HIGH |
| In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample. | |||||