Total: 1394 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14004 | 1 Ge | 1 Gemnet License Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
GE GEMNet License server (EchoServer): all current versions are affected. These devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||
CVE-2017-14002 | 1 Ge | 2 Infinia Hawkeye 4, Infinia Hawkeye 4 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
GE Infinia/Infinia with Hawkeye 4 medical imaging systems: all current versions are affected. These devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||
CVE-2017-13108 | 1 Psafe | 1 Dfndr Security | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | |||||
CVE-2017-13107 | 1 Liveme | 1 Liveme | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | |||||
CVE-2017-13106 | 1 Cmcm | 1 Cm Launcher 3d | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | |||||
CVE-2017-13104 | 1 Uber | 1 Ubereats | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | |||||
CVE-2017-13102 | 1 Gameloft | 1 Asphalt Xtreme | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | |||||
CVE-2017-13101 | 1 Tiktok | 1 Musical.ly | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | |||||
CVE-2017-13100 | 1 Distinctdev | 1 The Moron Test | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | |||||
CVE-2017-12726 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module. | |||||
CVE-2017-12725 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection. | |||||
CVE-2017-12724 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections. | |||||
CVE-2017-12577 | 1 Planex | 3 Cs-qr20, Cs-qr20 Firmware, Smacam Night Vision | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission. | |||||
CVE-2017-12574 | 1 Planex | 2 Cs-w50hd, Cs-w50hd Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into the web authentication database "/.htpasswd" during the boot process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted. | |||||
CVE-2017-11634 | 1 - | 1 Wireless Ip Camera 360 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456. | |||||
CVE-2017-11632 | 1 - | 1 Wireless Ip Camera 360 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session. | |||||
CVE-2016-9495 | 1 Hughes | 8 Dw7000, Dw7000 Firmware, Hn7000s and 5 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
Hughes high-performance broadband satellite modems, models HN7740S, DW7000, HN7000S/SM, use hard-coded credentials. Access to the device's default telnet port (23) can be obtained by using one of a few default credentials shared among all devices. | |||||
CVE-2016-9335 | 1 Redlion | 4 Sixnet-managed Industrial Switches, Sixnet-managed Industrial Switches Firmware, Stride-managed Ethernet Switches and 1 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174. | |||||
CVE-2016-8717 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. | |||||
CVE-2016-3953 | 1 Web2py | 1 Web2py | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function. |