Total: 1153 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-23816 | | | 2024-02-13 | N/A | 9.8 CRITICAL |
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application. | |||||
CVE-2024-22853 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-02-12 | N/A | 9.8 CRITICAL |
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | |||||
CVE-2024-21764 | 1 Rapidscada | 1 Rapid Scada | 2024-02-07 | N/A | 9.8 CRITICAL |
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | |||||
CVE-2023-51840 | 1 Html-js | 1 Doracms | 2024-02-03 | N/A | 9.8 CRITICAL |
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | |||||
CVE-2024-24324 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2024-02-01 | N/A | 9.8 CRITICAL |
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | |||||
CVE-2023-6482 | 1 Synaptics | 1 Fingerprint Driver | 2024-02-01 | N/A | 5.2 MEDIUM |
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | |||||
CVE-2024-23619 | 1 Ibm | 1 Merge Efilm Workstation | 2024-01-31 | 10.0 HIGH | 9.8 CRITICAL |
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. | |||||
CVE-2024-23453 | 1 Spooncast | 1 Spoon | 2024-01-29 | N/A | 5.5 MEDIUM |
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. | |||||
CVE-2024-22769 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-01-29 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | |||||
CVE-2024-22770 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-01-29 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | |||||
CVE-2024-22771 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-01-29 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | |||||
CVE-2024-22772 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-01-29 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | |||||
CVE-2024-23842 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-01-29 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | |||||
CVE-2024-22768 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-01-29 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | |||||
CVE-2024-23726 | 1 Ubeeinteractive | 2 Ddw365, Ddw365 Firmware | 2024-01-29 | N/A | 8.8 HIGH |
Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit. | |||||
CVE-2024-23685 | 1 Openlibraryfoundation | 1 Mod-remote-storage | 2024-01-26 | N/A | 5.3 MEDIUM |
Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allow unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types. | |||||
CVE-2022-35866 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2024-01-26 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139. | |||||
CVE-2024-23687 | 1 Openlibraryfoundation | 1 Mod-data-export-spring | 2024-01-26 | N/A | 9.1 CRITICAL |
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allow unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines. | |||||
CVE-2022-3214 | 1 Deltaww | 1 Diaenergie | 2024-01-25 | N/A | 9.8 CRITICAL |
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. | |||||
CVE-2023-39169 | 1 Enbw | 2 Senec Storage Box, Senec Storage Box Firmware | 2024-01-25 | N/A | 9.8 CRITICAL |
The affected devices use publicly available default credentials with administrative privileges. |