Vulnerabilities (CVE)

Filtered by CWE-798
Total 652 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21820 1 Dlink 2 Dir-3040, Dir-3040 Firmware 2021-07-22 7.5 HIGH 9.8 CRITICAL
A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2021-21818 1 Dlink 2 Dir-3040, Dir-3040 Firmware 2021-07-22 5.0 MEDIUM 7.5 HIGH
A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2021-32525 1 Qsan 1 Storage Manager 2021-07-22 9.0 HIGH 7.2 HIGH
The same hard-coded password in the firmware of QSAN Storage Manager allows remote attackers to access the control interface with the administrator’s credential and, by entering the hard-coded password of the debug mode, to execute restricted system instructions. The vulnerability is fixed in the updated version, QSAN Storage Manager v3.3.3.
CVE-2021-32521 1 Qsan 3 Sanos, Storage Manager, Xevo 2021-07-22 7.5 HIGH 9.8 CRITICAL
Use of the MAC address as an authentication password in QSAN Storage Manager, XEVO, and SANOS allows local attackers to escalate privileges. Contact QSAN and refer to the recommendations in the QSAN document.
CVE-2021-32535 1 Qsan 1 Sanos 2021-07-22 7.5 HIGH 9.8 CRITICAL
Hard-coded default credentials in QSAN SANOS allow unauthenticated remote attackers to obtain administrator permissions and execute arbitrary functions. The vulnerability is fixed in the updated version, QSAN SANOS v2.1.0.
CVE-2021-32520 1 Qsan 1 Storage Manager 2021-07-22 7.5 HIGH 9.8 CRITICAL
Use of a hard-coded cryptographic key in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Contact QSAN and refer to the recommendations in the QSAN document.
CVE-2019-19898 1 Ixpdata 1 Easyinstall 2021-07-21 5.0 MEDIUM 7.5 HIGH
In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely.
CVE-2020-0019 1 Google 1 Android 2021-07-21 2.1 LOW 5.5 MEDIUM
In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-171413798
CVE-2020-4001 1 Vmware 1 Sd-wan Orchestrator 2021-07-21 7.5 HIGH 9.8 CRITICAL
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash attack. SD-WAN Orchestrator ships with default passwords for predefined accounts, which may lead to a Pass-the-Hash attack.
CVE-2020-7233 1 Kmccontrols 2 Bac-a1616bc, Bac-a1616bc Firmware 2021-07-21 10.0 HIGH 9.8 CRITICAL
KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file.
CVE-2020-6857 1 Taskautomation 1 Carbonftp 2021-07-21 2.1 LOW 5.5 MEDIUM
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.
CVE-2020-11876 1 Zoom 1 Meetings 2021-07-21 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only occurs within unreachable code.
CVE-2020-14070 1 Mk-auth 1 Mk-auth 2021-07-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access.
CVE-2020-9306 1 Tesla 1 Solarcity Solar Monitoring Gateway 2021-07-21 5.8 MEDIUM 8.8 HIGH
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.
CVE-2021-20537 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-20 4.0 MEDIUM 6.5 MEDIUM
IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918
CVE-2021-20748 1 Retty 1 Retty 2021-07-16 5.0 MEDIUM 7.5 HIGH
Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 use a hard-coded API key for an external service. By exploiting this vulnerability, the API key for the external service may be obtained by analyzing data in the app.
CVE-2021-1574 1 Cisco 1 Business Process Automation 2021-07-12 6.5 MEDIUM 8.8 HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator.
CVE-2021-33219 1 Commscope 1 Ruckus Iot Controller 2021-07-09 7.5 HIGH 9.8 CRITICAL
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
CVE-2021-33218 1 Commscope 1 Ruckus Iot Controller 2021-07-09 10.0 HIGH 9.8 CRITICAL
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.
CVE-2021-33220 1 Commscope 1 Ruckus Iot Controller 2021-07-09 4.6 MEDIUM 7.8 HIGH
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.