Total
1153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46711 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-01-04 | N/A | 4.6 MEDIUM |
| VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user. | |||||
| CVE-2023-40236 | 1 Pexip | 1 Virtual Meeting Rooms | 2023-12-29 | N/A | 5.3 MEDIUM |
| In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. | |||||
| CVE-2023-43870 | 1 Paxton-access | 1 Net2 | 2023-12-28 | N/A | 9.8 CRITICAL |
| When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content. | |||||
| CVE-2023-48388 | 1 Multisuns | 2 Easylog Web\+, Easylog Web\+ Firmware | 2023-12-22 | N/A | 9.8 CRITICAL |
| Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. | |||||
| CVE-2023-48392 | 1 Kaifa | 1 Webitr Attendance System | 2023-12-22 | N/A | 9.8 CRITICAL |
| Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information. | |||||
| CVE-2023-47704 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. | |||||
| CVE-2023-48374 | 1 Csharp | 1 Cws Collaborative Development Platform | 2023-12-21 | N/A | 6.5 MEDIUM |
| SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information. | |||||
| CVE-2023-45499 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2023-12-21 | N/A | 9.8 CRITICAL |
| VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. | |||||
| CVE-2023-6448 | 1 Unitronics | 26 Vision1040, Vision1040 Firmware, Vision120 and 23 more | 2023-12-19 | N/A | 9.8 CRITICAL |
| Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system. | |||||
| CVE-2023-36651 | 1 Prolion | 1 Cryptospike | 2023-12-14 | N/A | 7.2 HIGH |
| Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | |||||
| CVE-2023-36647 | 1 Prolion | 1 Cryptospike | 2023-12-14 | N/A | 7.5 HIGH |
| A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens. | |||||
| CVE-2023-33413 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2023-12-13 | N/A | 8.8 HIGH |
| The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. | |||||
| CVE-2023-40300 | 1 Netscout | 1 Ngeniuspulse | 2023-12-12 | N/A | 9.8 CRITICAL |
| NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. | |||||
| CVE-2023-47213 | 1 C-first | 56 Cfr-1004ea, Cfr-1004ea Firmware, Cfr-1008ea and 53 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround. | |||||
| CVE-2023-40464 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2023-12-10 | N/A | 6.8 MEDIUM |
| Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server. | |||||
| CVE-2023-29064 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2023-12-10 | N/A | 4.3 MEDIUM |
| The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts. | |||||
| CVE-2023-48055 | 1 Superagi | 1 Superagi | 2023-12-10 | N/A | 7.5 HIGH |
| SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. | |||||
| CVE-2023-23324 | 1 Zumtobel | 2 Netlink Ccd, Netlink Ccd Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. | |||||
| CVE-2023-28895 | 1 Preh | 2 Mib3, Mib3 Firmware | 2023-12-10 | N/A | 6.8 MEDIUM |
| The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | |||||
| CVE-2023-40463 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2023-12-10 | N/A | 7.2 HIGH |
| When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. | |||||