Total
1538 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25193 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2025-04-16 | 5.3 Medium |
| By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. | ||||
| CVE-2020-25168 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2025-04-16 | 3.3 Low |
| Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module. | ||||
| CVE-2021-33016 | 1 Kuka | 3 Kr C4, Kr C4 Firmware, Kss | 2025-04-16 | 9.8 Critical |
| An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. | ||||
| CVE-2020-36547 | 1 Ge | 2 Voluson S8, Voluson S8 Firmware | 2025-04-16 | 5.9 Medium |
| A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings. | ||||
| CVE-2022-2107 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2025-04-16 | 9.8 Critical |
| The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number. | ||||
| CVE-2022-38069 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2025-04-16 | 4.3 Medium |
| Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters | ||||
| CVE-2022-41653 | 1 Daikinlatam | 2 Svmpc1, Svmpc2 | 2025-04-16 | 9.8 Critical |
| Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system. | ||||
| CVE-2022-2660 | 1 Deltaww | 1 Dialink | 2025-04-16 | 9.8 Critical |
| Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. | ||||
| CVE-2022-21199 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 5.9 Medium |
| An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | ||||
| CVE-2021-40390 | 1 Moxa | 1 Mxview | 2025-04-15 | 9.8 Critical |
| An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-40422 | 1 Swiftsensors | 2 Sg3-1010, Sg3-1010 Firmware | 2025-04-15 | 10 Critical |
| An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26020 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 6.5 Medium |
| An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-27172 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 8.8 High |
| A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-22144 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2025-04-15 | 9.8 Critical |
| A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability. | ||||
| CVE-2022-29477 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2025-04-15 | 9.8 Critical |
| An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-29889 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2025-04-15 | 9.8 Critical |
| A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability. | ||||
| CVE-2013-10002 | 1 Telecomsoftware | 2 Samwin Agent, Samwin Contact Center | 2025-04-15 | 6.5 Medium |
| A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2017-20039 | 1 Sicunet | 1 Access Control | 2025-04-15 | 9.8 Critical |
| A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. | ||||
| CVE-2023-41612 | 2 Govicture, Victure | 3 Pc420, Pc420 Firmware, Pc420 Firmware | 2025-04-14 | 8.8 High |
| Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card. | ||||
| CVE-2023-41611 | 1 Govicture | 2 Pc420, Pc420 Firmware | 2025-04-14 | 6.5 Medium |
| Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data. | ||||