Total
1453 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22560 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
| Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline. | |||||
| CVE-2022-22522 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device. | |||||
| CVE-2022-22512 | 1 Varta | 16 Element Backup, Element Backup Firmware, Element S1 and 13 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network. | |||||
| CVE-2022-22466 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | N/A | 6.8 MEDIUM |
| IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222. | |||||
| CVE-2022-22144 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-11-21 | N/A | 9.8 CRITICAL |
| A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability. | |||||
| CVE-2022-22056 | 1 Le-yan Dental Management System Project | 1 Le-yan Dental Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service. | |||||
| CVE-2022-21669 | 1 Puddingbot Project | 1 Puddingbot | 2024-11-21 | 5.0 MEDIUM | 9.1 CRITICAL |
| PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date. | |||||
| CVE-2022-21199 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2022-21194 | 1 Yokogawa | 5 Centum Vp, Centum Vp Entry, Centum Vp Entry Firmware and 2 more | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. | |||||
| CVE-2022-20868 | 1 Cisco | 4 Asyncos, Secure Email And Web Manager, Secure Email Gateway and 1 more | 2024-11-21 | N/A | 4.7 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. | |||||
| CVE-2022-20844 | 1 Cisco | 1 Sd-wan | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. | |||||
| CVE-2022-20773 | 1 Cisco | 1 Umbrella | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA. | |||||
| CVE-2022-1701 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. | |||||
| CVE-2022-1400 | 1 Device42 | 1 Cmdb | 2024-11-21 | N/A | 7.1 HIGH |
| Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00. | |||||
| CVE-2022-1162 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts | |||||
| CVE-2022-0131 | 1 Jmty | 1 Jimoty | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | |||||
| CVE-2021-4228 | 1 Lannerinc | 2 Iac-ast2500, Iac-ast2500 Firmware | 2024-11-21 | N/A | 5.8 MEDIUM |
| Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. | |||||
| CVE-2021-46247 | 1 Asus | 2 Cmax6000, Cmax6000 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00. | |||||
| CVE-2021-46008 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 7.9 HIGH | 8.8 HIGH |
| In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on. | |||||
| CVE-2021-45913 | 1 Controlup | 1 Controlup Agent | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel. | |||||