Vulnerabilities (CVE)

Filtered by CWE-798
Total 1398 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-22313 1 Ibm 1 Storage Defender Resiliency Service 2024-11-21 N/A 6.2 MEDIUM
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.
CVE-2024-21764 1 Rapidscada 1 Rapid Scada 2024-11-21 N/A 9.8 CRITICAL
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port.
CVE-2024-1661 1 Totolink 1 X6000r Firmware 2024-11-21 1.0 LOW 2.5 LOW
A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1228 1 Eurosoft 1 Przychodnia 2024-11-21 N/A 9.8 CRITICAL
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed).
CVE-2024-0865 1 Schneider-electric 1 Ecostruxure It Gateway 2024-11-21 N/A 7.8 HIGH
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.
CVE-2023-6482 1 Synaptics 1 Fingerprint Driver 2024-11-21 N/A 5.2 MEDIUM
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database.
CVE-2023-6198 2024-11-21 N/A 9.3 CRITICAL
Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device.
CVE-2023-5777 1 Weintek 1 Easybuilder Pro 2024-11-21 N/A 9.8 CRITICAL
Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.
CVE-2023-5318 1 Microweber 1 Microweber 2024-11-21 N/A 7.5 HIGH
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5074 1 Dlink 1 D-view 8 2024-11-21 N/A 9.8 CRITICAL
Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28
CVE-2023-52723 2024-11-21 N/A 7.1 HIGH
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.
CVE-2023-51588 2024-11-21 N/A 7.8 HIGH
Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of a MySQL instance. The issue results from hardcoded database credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22075.
CVE-2023-50948 1 Ibm 1 Storage Fusion Hci 2024-11-21 N/A 6.5 MEDIUM
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.
CVE-2023-50124 1 Flient 2 Smart Lock Advanced, Smart Lock Advanced Firmware 2024-11-21 N/A 6.8 MEDIUM
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner.
CVE-2023-4419 1 Sick 6 Lms500, Lms500 Firmware, Lms511 and 3 more 2024-11-21 N/A 9.8 CRITICAL
The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.
CVE-2023-4204 1 Moxa 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware 2024-11-21 N/A 5.4 MEDIUM
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.
CVE-2023-49228 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-21 N/A 6.4 MEDIUM
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.
CVE-2023-49224 2024-11-21 N/A 8.0 HIGH
Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges.
CVE-2023-49223 2024-11-21 N/A 8.8 HIGH
Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information.
CVE-2023-49222 2024-11-21 N/A 8.8 HIGH
Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges.