Total
965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30318 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2022-09-07 | N/A | 9.8 CRITICAL |
| Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service. | |||||
| CVE-2022-38116 | 1 Leyan | 1 Salary Management System | 2022-09-06 | N/A | 9.8 CRITICAL |
| Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service. | |||||
| CVE-2022-31269 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2022-09-02 | N/A | 8.2 HIGH |
| Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.) | |||||
| CVE-2022-36558 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2022-09-02 | N/A | 9.8 CRITICAL |
| Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg. | |||||
| CVE-2022-36560 | 1 Seiko-sol | 2 Skybridge Mb-a200, Skybridge Mb-a200 Firmware | 2022-09-02 | N/A | 9.8 CRITICAL |
| Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh. | |||||
| CVE-2022-38556 | 1 Trendnet | 2 Tew733gr, Tew733gr Firmware | 2022-09-01 | N/A | 9.8 CRITICAL |
| Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | |||||
| CVE-2022-36611 | 1 Totolink | 2 A800r, A800r Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36614 | 1 Totolink | 2 A860r, A860r Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36615 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36613 | 1 Totolink | 2 N600r, N600r Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36610 | 1 Totolink | 2 A720r, A720r Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36616 | 1 Totolink | 2 A810r, A810r Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36612 | 1 Totolink | 2 A950rg, A950rg Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-38557 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2022-09-01 | N/A | 9.8 CRITICAL |
| D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | |||||
| CVE-2022-30036 | 1 Malighting | 2 Grandma2 Light, Grandma2 Light Firmware | 2022-08-26 | N/A | 8.8 HIGH |
| MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's position is that the product was designed for isolated networks. Also, the successor product, grandMA3, is not affected by this vulnerability. | |||||
| CVE-2022-36170 | 1 Mapgis | 1 Igserver | 2022-08-23 | N/A | 8.8 HIGH |
| MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. | |||||
| CVE-2022-36171 | 1 Mapgis | 1 Mapgis Igserver | 2022-08-22 | N/A | 8.1 HIGH |
| MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. | |||||
| CVE-2022-35540 | 1 Dotnetcore | 1 Agileconfig | 2022-08-19 | N/A | 9.8 CRITICAL |
| Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. | |||||
| CVE-2022-1400 | 1 Device42 | 1 Cmdb | 2022-08-18 | N/A | 9.8 CRITICAL |
| Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00. | |||||
| CVE-2021-44720 | 1 Pulsesecure | 1 Pulse Connect Secure | 2022-08-16 | N/A | 7.2 HIGH |
| In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role. | |||||