Total
1521 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35287 | 1 Ibm | 1 Security Verify Information Queue | 2024-11-21 | 7.5 High |
| IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817. | ||||
| CVE-2022-34993 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | 9.8 Critical |
| Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample. | ||||
| CVE-2022-34907 | 1 Filewave | 1 Filewave | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform. | ||||
| CVE-2022-34906 | 1 Filewave | 1 Filewave | 2024-11-21 | 7.5 High |
| A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests. | ||||
| CVE-2022-34425 | 1 Dell | 1 Enterprise Sonic Distribution | 2024-11-21 | 7.5 High |
| Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | ||||
| CVE-2022-34151 | 1 Omron | 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more | 2024-11-21 | 8.1 High |
| Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. | ||||
| CVE-2022-34045 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2024-11-21 | 9.8 Critical |
| Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. | ||||
| CVE-2022-34005 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2024-11-21 | 9.8 Critical |
| An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. | ||||
| CVE-2022-32985 | 1 Nexans | 26 Gigaswitch 641 Desk V5 Sfp-vi, Gigaswitch 641 Desk V5 Sfp-vi Firmware, Gigaswitch 642 Desk V5 Sfp-2vi and 23 more | 2024-11-21 | 9.8 Critical |
| libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201. | ||||
| CVE-2022-32965 | 1 Omicard Edm Project | 1 Omicard Edm | 2024-11-21 | 9.8 Critical |
| OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. | ||||
| CVE-2022-32389 | 1 Isode | 1 Swift | 2024-11-21 | 7.5 High |
| Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates. | ||||
| CVE-2022-31619 | 1 Siemens | 1 Teamcenter | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. | ||||
| CVE-2022-31462 | 1 Owllabs | 2 Meeting Owl Pro, Meeting Owl Pro Firmware | 2024-11-21 | 9.3 Critical |
| Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. | ||||
| CVE-2022-31460 | 1 Owllabs | 2 Meeting Owl Pro, Meeting Owl Pro Firmware | 2024-11-21 | 7.4 High |
| Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. | ||||
| CVE-2022-31322 | 1 Pentasecurity | 1 Wapples | 2024-11-21 | 7.8 High |
| Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables. | ||||
| CVE-2022-31269 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2024-11-21 | 8.2 High |
| Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.) | ||||
| CVE-2022-31210 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts. | ||||
| CVE-2022-30997 | 1 Yokogawa | 4 Stardom Fcj, Stardom Fcj Firmware, Stardom Fcn and 1 more | 2024-11-21 | 7.2 High |
| Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware. | ||||
| CVE-2022-30627 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | 5.7 Medium |
| This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their operating systems and passwords. | ||||
| CVE-2022-30622 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | 5.3 Medium |
| Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword. | ||||