Vulnerabilities (CVE)

Filtered by CWE-798
Total 1394 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14004 1 Ge 1 Gemnet License Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.
CVE-2017-14002 1 Ge 2 Infinia Hawkeye 4, Infinia Hawkeye 4 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.
CVE-2017-13108 1 Psafe 1 Dfndr Security 2024-11-21 5.0 MEDIUM 7.5 HIGH
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107 1 Liveme 1 Liveme 2024-11-21 5.0 MEDIUM 7.5 HIGH
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13106 1 Cmcm 1 Cm Launcher 3d 2024-11-21 5.0 MEDIUM 7.5 HIGH
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13104 1 Uber 1 Ubereats 2024-11-21 5.0 MEDIUM 7.5 HIGH
Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13102 1 Gameloft 1 Asphalt Xtreme 2024-11-21 5.0 MEDIUM 7.5 HIGH
Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13101 1 Tiktok 1 Musical.ly 2024-11-21 5.0 MEDIUM 7.5 HIGH
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13100 1 Distinctdev 1 The Moron Test 2024-11-21 5.0 MEDIUM 7.5 HIGH
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-12726 1 Smiths-medical 1 Medfusion 4000 Wireless Syringe Infusion Pump 2024-11-21 7.5 HIGH 7.3 HIGH
A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module.
CVE-2017-12725 1 Smiths-medical 1 Medfusion 4000 Wireless Syringe Infusion Pump 2024-11-21 6.8 MEDIUM 5.6 MEDIUM
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection.
CVE-2017-12724 1 Smiths-medical 1 Medfusion 4000 Wireless Syringe Infusion Pump 2024-11-21 6.8 MEDIUM 8.1 HIGH
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections.
CVE-2017-12577 1 Planex 3 Cs-qr20, Cs-qr20 Firmware, Smacam Night Vision 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.
CVE-2017-12574 1 Planex 2 Cs-w50hd, Cs-w50hd Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted.
CVE-2017-11634 1 - 1 Wireless Ip Camera 360 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456.
CVE-2017-11632 1 - 1 Wireless Ip Camera 360 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session.
CVE-2016-9495 1 Hughes 8 Dw7000, Dw7000 Firmware, Hn7000s and 5 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices.
CVE-2016-9335 1 Redlion 4 Sixnet-managed Industrial Switches, Sixnet-managed Industrial Switches Firmware, Stride-managed Ethernet Switches and 1 more 2024-11-21 10.0 HIGH 10.0 CRITICAL
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.
CVE-2016-8717 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices.
CVE-2016-3953 1 Web2py 1 Web2py 2024-11-21 7.5 HIGH 9.8 CRITICAL
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.