Vulnerabilities (CVE)

Filtered by CWE-798
Total 1383 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24155 1 Totolink 2 T8, T8 Firmware 2025-03-26 N/A 9.8 CRITICAL
TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.
CVE-2023-24149 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2025-03-26 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for root which is stored in the component /etc/shadow.
CVE-2024-24681 1 Yealink 1 Configuration Encryption Tool 2025-03-25 N/A 9.8 CRITICAL
An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations.
CVE-2024-46433 1 Tenda 2 W18e, W18e Firmware 2025-03-25 N/A 8.8 HIGH
A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.
CVE-2024-46436 1 Tenda 2 W18e, W18e Firmware 2025-03-25 N/A 8.3 HIGH
Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allow unauthenticated remote attackers to gain root access to the device over the telnet service.
CVE-2025-30137 2025-03-25 N/A 9.8 CRITICAL
An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in the APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to, the attacker sends a crafted authentication command with TibetList and 000000 to list settings of the dashcam at port 9091. There's a separate set of credentials for port 9092 (stream) that is also exposed in cleartext: admin + tibet. For settings, the required credentials are adim + 000000.
CVE-2024-39838 1 Zexelon 2 Zwx-2000csw2-hn, Zwx-2000csw2-hn Firmware 2025-03-25 N/A 8.8 HIGH
ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 use hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.
CVE-2017-1787 1 Ibm 1 Engineering Lifecycle Optimization - Publishing 2025-03-25 2.1 LOW 4.4 MEDIUM
IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.
CVE-2022-45766 1 Keystorage 1 Global Facilities Management Software 2025-03-24 N/A 9.1 CRITICAL
Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permit remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes.
CVE-2024-1344 1 Laborofficefree 1 Laborofficefree 2025-03-24 N/A 6.8 MEDIUM
Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x86)%\LaborOfficeFree\' directory. This user can log in remotely and has root-like privileges.
CVE-2025-30123 2025-03-21 N/A 9.8 CRITICAL
An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device.
CVE-2025-30109 2025-03-21 N/A 6.5 MEDIUM
In the IROAD APK 5.2.5, there are hardcoded credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensitive device information, including live and recorded footage.
CVE-2025-30122 2025-03-21 N/A 9.8 CRITICAL
An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices.
CVE-2025-2556 2025-03-20 3.3 LOW 4.3 MEDIUM
A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professionally. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers.
CVE-2024-38466 1 Guoxinled 1 Synthesis Image System 2025-03-19 N/A 9.8 CRITICAL
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.
CVE-2024-48126 2025-03-18 N/A 9.8 CRITICAL
HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.
CVE-2025-26410 2025-03-18 N/A 9.8 CRITICAL
The firmware of all Wattsense Bridge devices contains the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. The backdoor user has been removed in firmware BSP >= 6.4.1.
CVE-2024-57790 2025-03-17 N/A 5.4 MEDIUM
IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH.
CVE-2024-42638 1 H3c 2 Magic B1st, Magic B1st Firmware 2025-03-17 N/A 9.8 CRITICAL
H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2019-17659 2025-03-17 N/A 3.7 LOW
A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image.