Filtered by CWE-798
Total 1433 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-29953 1 Bakerhughes 8 Bently Nevada 3701\/40, Bently Nevada 3701\/40 Firmware, Bently Nevada 3701\/44 and 5 more 2024-11-21 9.8 Critical
The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.
CVE-2022-29856 1 Automationanywhere 1 Automation 360 2024-11-21 7.5 High
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages.
CVE-2022-29778 2 D-link, Dlink 3 Dir-890l Firmware, Dir-890l, Dir-890l Firmware 2024-11-21 8.8 High
D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php
CVE-2022-29730 1 Usr 10 Usr-g800v2, Usr-g800v2 Firmware, Usr-g806 and 7 more 2024-11-21 9.8 Critical
USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.
CVE-2022-29645 1 Totolink 2 A3100r, A3100r Firmware 2024-11-21 9.8 Critical
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample.
CVE-2022-29644 1 Totolink 2 A3100r, A3100r Firmware 2024-11-21 9.8 Critical
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.
CVE-2022-29525 1 Rakuten 1 Casa 2024-11-21 9.8 Critical
Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.
CVE-2022-29060 1 Fortinet 1 Fortiddos 2024-11-21 8.1 High
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.
CVE-2022-28605 3 Apple, Google, Linkplay 3 Iphone Os, Android, Sound Bar 2024-11-21 9.8 Critical
Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory
CVE-2022-28371 1 Verizon 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more 2024-11-21 7.5 High
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download this firmware and extract the private components of these certificates (from /etc/lighttpd.d/ca.pem and /etc/lighttpd.d/server.pem) to gain access. (The firmware download location is shown in a device's upgrade logs.)
CVE-2022-27506 1 Citrix 26 Sd-wan 1000, Sd-wan 1000 Firmware, Sd-wan 110 and 23 more 2024-11-21 2.7 Low
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI
CVE-2022-26672 1 Asus 1 Webstorage 2024-11-21 7.3 High
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.
CVE-2022-26671 1 Secom 2 Dr.id Access Control, Dr.id Attendance System 2024-11-21 7.3 High
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.
CVE-2022-26660 1 Robotronic 1 Runasspc 2024-11-21 7.5 High
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used.
CVE-2022-26476 1 Siemens 3 Spectrum Power 4, Spectrum Power 7, Spectrum Power Microgrid Management System 2024-11-21 8.8 High
A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges.
CVE-2022-26119 1 Fortinet 1 Fortisiem 2024-11-21 7.8 High
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password.
CVE-2022-25807 1 Igel 1 Universal Management Suite 2024-11-21 5.5 Medium
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key.
CVE-2022-25806 1 Igel 1 Universal Management Suite 2024-11-21 8.8 High
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key.
CVE-2022-25577 1 Alf-banco 1 Alf-banco 2024-11-21 9.1 Critical
ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data.
CVE-2022-25569 1 Bettinivideo 1 Sgsetup 2024-11-21 9.8 Critical
Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software.