Total
1392 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22144 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-11-21 | N/A | 9.8 CRITICAL |
| A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability. | |||||
| CVE-2022-22056 | 1 Le-yan Dental Management System Project | 1 Le-yan Dental Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service. | |||||
| CVE-2022-21669 | 1 Puddingbot Project | 1 Puddingbot | 2024-11-21 | 5.0 MEDIUM | 9.1 CRITICAL |
| PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date. | |||||
| CVE-2022-21199 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2022-21194 | 1 Yokogawa | 5 Centum Vp, Centum Vp Entry, Centum Vp Entry Firmware and 2 more | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. | |||||
| CVE-2022-20868 | 1 Cisco | 4 Asyncos, Secure Email And Web Manager, Secure Email Gateway and 1 more | 2024-11-21 | N/A | 4.7 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. | |||||
| CVE-2022-20844 | 1 Cisco | 1 Sd-wan | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. | |||||
| CVE-2022-20773 | 1 Cisco | 1 Umbrella | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA. | |||||
| CVE-2022-1701 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. | |||||
| CVE-2022-1400 | 1 Device42 | 1 Cmdb | 2024-11-21 | N/A | 7.1 HIGH |
| Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00. | |||||
| CVE-2022-1162 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts | |||||
| CVE-2022-0131 | 1 Jmty | 1 Jimoty | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | |||||
| CVE-2021-4228 | 1 Lannerinc | 2 Iac-ast2500, Iac-ast2500 Firmware | 2024-11-21 | N/A | 5.8 MEDIUM |
| Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. | |||||
| CVE-2021-46247 | 1 Asus | 2 Cmax6000, Cmax6000 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00. | |||||
| CVE-2021-46008 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 7.9 HIGH | 8.8 HIGH |
| In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on. | |||||
| CVE-2021-45913 | 1 Controlup | 1 Controlup Agent | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel. | |||||
| CVE-2021-45877 | 1 Garo | 6 Wallbox Glb, Wallbox Glb Firmware, Wallbox Gtb and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exist in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manger page. | |||||
| CVE-2021-45841 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. | |||||
| CVE-2021-45732 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed. | |||||
| CVE-2021-45522 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2024-11-21 | 7.5 HIGH | 6.1 MEDIUM |
| NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password. | |||||