Total
1162 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-42336 | 1 Netis-systems | 2 Wf2409e, Wf2409e Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component. | |||||
CVE-2023-39982 | 1 Moxa | 1 Mxsecurity | 2023-12-10 | N/A | 5.9 MEDIUM |
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. | |||||
CVE-2023-41713 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2023-12-10 | N/A | 7.5 HIGH |
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. | |||||
CVE-2023-33836 | 1 Ibm | 1 Security Verify Governance | 2023-12-10 | N/A | 9.8 CRITICAL |
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016. | |||||
CVE-2023-37755 | 1 I-doit | 1 I-doit | 2023-12-10 | N/A | 9.8 CRITICAL |
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS). | |||||
CVE-2023-41878 | 1 Metersphere | 1 Metersphere | 2023-12-10 | N/A | 9.8 CRITICAL |
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-39420 | 1 Resortdata | 1 Internet Reservation Module Next Generation | 2023-12-10 | N/A | 8.8 HIGH |
The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file. Once reverse-engineered, this routine can help an attacker generate the daily password and connect to application customers. Given that this is an administrative account, anyone logging into a customer deployment has full, unrestricted access to the application. | |||||
CVE-2023-42492 | 1 Busbaer | 1 Eisbaer Scada | 2023-12-10 | N/A | 9.8 CRITICAL |
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key | |||||
CVE-2023-32227 | 1 Synel | 2 Synergy\/a, Synergy\/a Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials | |||||
CVE-2023-39808 | 1 Nvki | 1 Intelligent Broadband Subscriber Gateway | 2023-12-10 | N/A | 9.8 CRITICAL |
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service. | |||||
CVE-2023-33744 | 1 Teleadapt | 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671. | |||||
CVE-2023-31173 | 2 Microsoft, Selinc | 2 Windows, Sel-5037 Sel Grid Configurator | 2023-12-10 | N/A | 8.4 HIGH |
Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | |||||
CVE-2023-31808 | 1 Technicolor | 2 Tg670, Tg670 Firmware | 2023-12-10 | N/A | 7.2 HIGH |
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled. | |||||
CVE-2023-4419 | 1 Sick | 6 Lms500, Lms500 Firmware, Lms511 and 3 more | 2023-12-10 | N/A | 8.8 HIGH |
The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device. | |||||
CVE-2023-31579 | 1 Tangyh | 1 Lamp-cloud | 2023-12-10 | N/A | 9.8 CRITICAL |
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token. | |||||
CVE-2023-38026 | 1 Myspotcam | 2 Fhd 2, Fhd 2 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. | |||||
CVE-2018-17558 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2023-12-10 | N/A | 9.8 CRITICAL |
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root. | |||||
CVE-2023-39422 | 1 Resortdata | 1 Internet Reservation Module Next Generation | 2023-12-10 | N/A | 9.8 CRITICAL |
The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless. | |||||
CVE-2023-22956 | 1 Audiocodes | 12 405hd, 405hd Firmware, 445hd and 9 more | 2023-12-10 | N/A | 7.5 HIGH |
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information. | |||||
CVE-2023-37426 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-12-10 | N/A | 7.5 HIGH |
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host. |