Total: 1392 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36234 | 1 Unit4 | 1 Mik.starlight | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors. | |||||
CVE-2021-36224 | 1 Westerndigital | 2 My Cloud Os, My Cloud Pr4100 | 2024-11-21 | N/A | 9.8 CRITICAL |
Western Digital My Cloud devices before OS5 have a nobody account with a blank password. | |||||
CVE-2021-35961 | 1 Secom | 1 Dr.id Access Control | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Dr. ID Door Access Control and Personnel Attendance Management system uses hard-coded default admin credentials, which allow remote attackers to access the system through the default password and obtain the highest permission. | |||||
CVE-2021-35232 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 3.6 LOW | 6.8 MEDIUM |
Hard-coded credentials were discovered in the SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. | |||||
CVE-2021-34812 | 1 Synology | 1 Calendar | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2021-34757 | 1 Cisco | 32 Business 220-16p-2g, Business 220-16p-2g Firmware, Business 220-16t-2g and 29 more | 2024-11-21 | 3.6 LOW | 4.9 MEDIUM |
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-34744 | 1 Cisco | 32 Business 220-16p-2g, Business 220-16p-2g Firmware, Business 220-16t-2g and 29 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-34688 | 2 Idrive, Microsoft | 2 Remotepc, Windows | 2024-11-21 | 2.1 LOW | 3.3 LOW |
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker. | |||||
CVE-2021-34601 | 1 Bender | 4 Cc612, Cc612 Firmware, Cc613 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Bender/ebee Charge Controllers in multiple versions are prone to hardcoded credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. | |||||
CVE-2021-34577 | 1 Kadenvodomery | 2 Picoflux Air, Picoflux Air Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. | |||||
CVE-2021-34571 | 1 Enbra | 1 Ewm | 2024-11-21 | 2.9 LOW | 6.5 MEDIUM |
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM. | |||||
CVE-2021-34565 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. | |||||
CVE-2021-33583 | 1 Reiner-sct | 1 Timecard | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file. | |||||
CVE-2021-33540 | 1 Phoenixcontact | 36 Axl F Bk Eip, Axl F Bk Eip Ef, Axl F Bk Eip Ef Firmware and 33 more | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists. | |||||
CVE-2021-33531 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. | |||||
CVE-2021-33529 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. | |||||
CVE-2021-33484 | 1 Onyaktech Comments Pro Project | 1 Onyaktech Comments Pro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user's ID and username. These values can be used as part of the comment posting request in order to spoof the user. | |||||
CVE-2021-33220 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. | |||||
CVE-2021-33219 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts. | |||||
CVE-2021-33218 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. |