Vulnerabilities (CVE)

Filtered by CWE-798
Total 1146 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-48251 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b (0608842012), Nexo Cordless Nutrunner Nxa011s-36v (0608842011) and 18 more 2024-01-17 N/A 9.8 CRITICAL
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account.
CVE-2023-48250 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b (0608842012), Nexo Cordless Nutrunner Nxa011s-36v (0608842011) and 18 more 2024-01-17 N/A 9.8 CRITICAL
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts.
CVE-2017-14027 1 Korenix 18 Jetnet5018g Firmware, Jetnet5310g Firmware, Jetnet5428g-2g-2fx Firmware and 15 more 2024-01-17 10.0 HIGH 9.8 CRITICAL
A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.
CVE-2020-12501 2 Korenix, Pepperl-fuchs 52 Jetnet4510 Firmware, Jetnet4706 Firmware, Jetnet4706f Firmware and 49 more 2024-01-17 7.5 HIGH 9.8 CRITICAL
Improper Authorization vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions), which use undocumented accounts.
CVE-2017-14021 1 Korenix 18 Jetnet5018g Firmware, Jetnet5310g Firmware, Jetnet5428g-2g-2fx Firmware and 15 more 2024-01-17 10.0 HIGH 9.8 CRITICAL
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.
CVE-2023-50974 1 Appwrite 1 Command Line Interface 2024-01-12 N/A 5.5 MEDIUM
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.
CVE-2023-50948 1 Ibm 1 Storage Fusion Hci 2024-01-11 N/A 9.8 CRITICAL
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.
CVE-2023-37608 1 Automaticsystems 2 Soc Fl9600 Firstlane, Soc Fl9600 Firstlane Firmware 2024-01-09 N/A 7.5 HIGH
An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to obtain sensitive information via the admin login credentials.
CVE-2023-46919 1 Fedirtsapana 2 Simple Http Server, Simple Http Server Plus 2024-01-05 N/A 6.3 MEDIUM
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmission.
CVE-2023-46918 1 Fedirtsapana 1 Simple Http Server Plus 2024-01-05 N/A 4.6 MEDIUM
Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device.
CVE-2023-49228 1 Peplink 2 Balance Two, Balance Two Firmware 2024-01-04 N/A 6.4 MEDIUM
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.
CVE-2023-46711 1 Buffalo 2 Vr-s1000, Vr-s1000 Firmware 2024-01-04 N/A 4.6 MEDIUM
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.
CVE-2023-40236 1 Pexip 1 Virtual Meeting Rooms 2023-12-29 N/A 5.3 MEDIUM
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.
CVE-2023-43870 1 Paxton-access 1 Net2 2023-12-28 N/A 9.8 CRITICAL
When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content.
CVE-2023-48388 1 Multisuns 2 Easylog Web+, Easylog Web+ Firmware 2023-12-22 N/A 9.8 CRITICAL
Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
CVE-2023-48392 1 Kaifa 1 Webitr Attendance System 2023-12-22 N/A 9.8 CRITICAL
Kaifa Technology WebITR is an online attendance system. It has a vulnerability in its use of a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system with an arbitrary user account, including the administrator’s account, to act with the logged-in account’s permissions and obtain relevant information.
CVE-2023-47704 3 Ibm, Linux, Microsoft 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more 2023-12-22 N/A 7.5 HIGH
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.
CVE-2023-48374 1 Csharp 1 Cws Collaborative Development Platform 2023-12-21 N/A 6.5 MEDIUM
SmartStar Software CWS is a web-based integration platform. It has a vulnerability of using a hard-coded credential for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information.
CVE-2023-45499 1 Vinchin 1 Vinchin Backup And Recovery 2023-12-21 N/A 9.8 CRITICAL
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.
CVE-2023-6448 1 Unitronics 26 Vision1040, Vision1040 Firmware, Vision120 and 23 more 2023-12-19 N/A 9.8 CRITICAL
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.