Total
1433 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29953 | 1 Bakerhughes | 8 Bently Nevada 3701\/40, Bently Nevada 3701\/40 Firmware, Bently Nevada 3701\/44 and 5 more | 2024-11-21 | 9.8 Critical |
| The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality. | ||||
| CVE-2022-29856 | 1 Automationanywhere | 1 Automation 360 | 2024-11-21 | 7.5 High |
| A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. | ||||
| CVE-2022-29778 | 2 D-link, Dlink | 3 Dir-890l Firmware, Dir-890l, Dir-890l Firmware | 2024-11-21 | 8.8 High |
| D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php | ||||
| CVE-2022-29730 | 1 Usr | 10 Usr-g800v2, Usr-g800v2 Firmware, Usr-g806 and 7 more | 2024-11-21 | 9.8 Critical |
| USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device. | ||||
| CVE-2022-29645 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. | ||||
| CVE-2022-29644 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. | ||||
| CVE-2022-29525 | 1 Rakuten | 1 Casa | 2024-11-21 | 9.8 Critical |
| Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation. | ||||
| CVE-2022-29060 | 1 Fortinet | 1 Fortiddos | 2024-11-21 | 8.1 High |
| A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device. | ||||
| CVE-2022-28605 | 3 Apple, Google, Linkplay | 3 Iphone Os, Android, Sound Bar | 2024-11-21 | 9.8 Critical |
| Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory | ||||
| CVE-2022-28371 | 1 Verizon | 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more | 2024-11-21 | 7.5 High |
| On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download this firmware and extract the private components of these certificates (from /etc/lighttpd.d/ca.pem and /etc/lighttpd.d/server.pem) to gain access. (The firmware download location is shown in a device's upgrade logs.) | ||||
| CVE-2022-27506 | 1 Citrix | 26 Sd-wan 1000, Sd-wan 1000 Firmware, Sd-wan 110 and 23 more | 2024-11-21 | 2.7 Low |
| Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI | ||||
| CVE-2022-26672 | 1 Asus | 1 Webstorage | 2024-11-21 | 7.3 High |
| ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information. | ||||
| CVE-2022-26671 | 1 Secom | 2 Dr.id Access Control, Dr.id Attendance System | 2024-11-21 | 7.3 High |
| Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service. | ||||
| CVE-2022-26660 | 1 Robotronic | 1 Runasspc | 2024-11-21 | 7.5 High |
| RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used. | ||||
| CVE-2022-26476 | 1 Siemens | 3 Spectrum Power 4, Spectrum Power 7, Spectrum Power Microgrid Management System | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges. | ||||
| CVE-2022-26119 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 7.8 High |
| A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. | ||||
| CVE-2022-25807 | 1 Igel | 1 Universal Management Suite | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key. | ||||
| CVE-2022-25806 | 1 Igel | 1 Universal Management Suite | 2024-11-21 | 8.8 High |
| An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key. | ||||
| CVE-2022-25577 | 1 Alf-banco | 1 Alf-banco | 2024-11-21 | 9.1 Critical |
| ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data. | ||||
| CVE-2022-25569 | 1 Bettinivideo | 1 Sgsetup | 2024-11-21 | 9.8 Critical |
| Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software. | ||||