Total: 1434 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-31808 | 1 Technicolor | 2 Tg670, Tg670 Firmware | 2024-11-21 | 7.2 High |
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled. | ||||
CVE-2023-31581 | 1 Dromara | 1 Sureness | 2024-11-21 | 9.8 Critical |
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. | ||||
CVE-2023-31579 | 1 Tangyh | 1 Lamp-cloud | 2024-11-21 | 9.8 Critical |
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a JSON Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token. | ||||
CVE-2023-31173 | 3 Microsoft, Schweitzer Engineering Laboratories, Selinc | 3 Windows, Sel-5033 Acselerator Rtac Software, Sel-5037 Sel Grid Configurator | 2024-11-21 | 7.7 High |
Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | ||||
CVE-2023-29064 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | 4.1 Medium |
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts. | ||||
CVE-2023-27169 | 1 Xpand-it | 1 Write-back Manager | 2024-11-21 | 6.5 Medium |
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration, which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation. | ||||
CVE-2023-26219 | 1 Tibco | 4 Hawk, Hawk Distribution For Tibco Silver Fabric, Operational Intelligence Hawk Redtail and 1 more | 2024-11-21 | 7.4 High |
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below. | ||||
CVE-2023-26203 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | 6.1 Medium |
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands. | ||||
CVE-2023-23771 | 1 Motorola | 2 Mbts Base Radio, Mbts Base Radio Firmware | 2024-11-21 | 8.4 High |
Motorola MBTS Base Radio accepts a hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), which allows service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. | ||||
CVE-2023-23770 | 1 Motorola | 2 Mbts Site Controller, Mbts Site Controller Firmware | 2024-11-21 | 9.4 Critical |
Motorola MBTS Site Controller accepts a hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), which allows service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. | ||||
CVE-2023-23324 | 1 Zumtobel | 2 Netlink Ccd, Netlink Ccd Firmware | 2024-11-21 | 9.8 Critical |
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. | ||||
CVE-2023-22957 | 2 Audiocodes, Audiocodes Ltd | 13 405hd, 405hd Firmware, 445hd and 10 more | 2024-11-21 | 7.5 High |
An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password. | ||||
CVE-2023-22956 | 2 Audiocodes, Audiocodes Ltd | 13 405hd, 405hd Firmware, 445hd and 10 more | 2024-11-21 | 7.5 High |
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information. | ||||
CVE-2023-21652 | 1 Qualcomm | 240 Aqt1000, Aqt1000 Firmware, Ar8035 and 237 more | 2024-11-21 | 7.7 High |
Cryptographic issue in HLOS, as derived keys used to encrypt/decrypt information are present on the stack after use. | ||||
CVE-2023-20101 | 1 Cisco | 1 Emergency Responder | 2024-11-21 | 9.8 Critical |
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. | ||||
CVE-2023-20038 | 1 Cisco | 1 Industrial Network Director | 2024-11-21 | 8.8 High |
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director. | ||||
CVE-2023-20034 | 1 Cisco | 1 Sd-wan | 2024-11-21 | 7.5 High |
A vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the presence of a static username and password configured on the vManage. An attacker could exploit this vulnerability by sending a crafted HTTP request to a reachable vManage on port 9200. A successful exploit could allow the attacker to view the Elasticsearch database content. There are workarounds that address this vulnerability. | ||||
CVE-2023-0808 | 3 Bosswerk, Deyeinverter, Revolt-power | 6 Inverter, Inverter Firmware, Inverter and 3 more | 2024-11-21 | 3.9 Low |
A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability. | ||||
CVE-2022-4611 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 4.3 Medium |
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability. | ||||
CVE-2022-47891 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2024-11-21 | 8.1 High |
All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function. |