CVE-2023-31184
6.2MEDIUM
ROZCOM client CWE-798: Use of Hard-coded Credentials
ROZCOM client CWE-798: Use of Hard-coded Credentials
5/30/2023CWE-798, CWE-798
Tipo de Debilidad
CWE-798
Todas las vulnerabilidades CVE clasificadas bajo este tipo de debilidad.
Ver en MITRE CWETotal CVEs
50
Críticos
29
En KEV
0
Con Exploits
0
CVE-2023-32227
9.8CRITICAL
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials
7/30/2023CWE-798, CWE-798
CVE-2025-55047
8.4HIGH
CWE-798 Use of Hard-coded Credentials
CWE-798 Use of Hard-coded Credentials
9/9/2025CWE-798
CVE-2025-23179
5.5MEDIUM
CWE-798: Use of Hard-coded Credentials
CWE-798: Use of Hard-coded Credentials
4/29/2025CWE-798
CVE-2023-37215
6.2MEDIUM
JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials
JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials
7/30/2023CWE-798, CWE-798
CVE-2019-5622
9.8CRITICAL
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.
4/29/2020CWE-798, CWE-798
CVE-2023-40717
5.3MEDIUM
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.
9/13/2023CWE-798, CWE-798
CVE-2022-3214
9.8CRITICAL
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Exec
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Exec...
9/16/2022CWE-798, CWE-798
CVE-2024-0865
7.8HIGH
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.
6/12/2024CWE-798
CVE-2023-5456
8.1HIGH
A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data wit
A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data wit...
3/5/2024CWE-798, CWE-798
CVE-2019-6812
7.2HIGH
A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol.
A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol.
5/22/2019CWE-798, CWE-798
CVE-2023-40300
9.8CRITICAL
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key.
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key.
12/7/2023CWE-798, CWE-798
CVE-2022-37832
9.8CRITICAL
Mutiny 7.2.0-10788 suffers from Hardcoded root password.
Mutiny 7.2.0-10788 suffers from Hardcoded root password.
12/16/2022CWE-798, CWE-798
CVE-2021-44207
8.1HIGH
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.
12/21/2021CWE-798, CWE-798
CVE-2023-26203
6.7MEDIUM
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow ...
5/3/2023CWE-798, CWE-798
CVE-2020-7498
9.8CRITICAL
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixe
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixe...
6/16/2020CWE-798, CWE-798
CVE-2023-6409
7.7HIGH
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control E
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control E...
2/14/2024CWE-798
CVE-2023-51840
9.8CRITICAL
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
1/29/2024CWE-798, CWE-798
CVE-2023-5318
7.5HIGH
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
9/30/2023CWE-798, CWE-798
CVE-2024-35396
9.8CRITICAL
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
5/24/2024CWE-798, CWE-284
CVE-2020-7501
8.8HIGH
A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write w
A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write w...
6/16/2020CWE-798, CWE-798
CVE-2024-38466
9.8CRITICAL
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.
6/16/2024CWE-798, CWE-798
CVE-2023-46706
9.1CRITICAL
Multiple MachineSense devices have credentials unable to be changed by the user or administrator.
Multiple MachineSense devices have credentials unable to be changed by the user or administrator.
2/1/2024CWE-798, CWE-798
CVE-2022-46637
9.8CRITICAL
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services.
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services.
2/21/2023CWE-798, CWE-798
CVE-2024-35338
9.8CRITICAL
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
7/16/2024CWE-798, CWE-798
CVE-2023-23132
7.5HIGH
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys.
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys.
2/1/2023CWE-798, CWE-798
CVE-2022-42980
9.8CRITICAL
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
10/17/2022CWE-798, CWE-798
CVE-2022-30234
9.4CRITICAL
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4...
6/2/2022CWE-798
CVE-2023-38995
9.8CRITICAL
An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command.
An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command.
2/7/2024CWE-798, CWE-798
CVE-2023-49253
9.8CRITICAL
Root user password is hardcoded into the device and cannot be changed in the user interface.
Root user password is hardcoded into the device and cannot be changed in the user interface.
1/12/2024CWE-798, CWE-798
CVE-2022-39185
9.8CRITICAL
EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user.
EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user.
1/12/2023CWE-798, CWE-798
CVE-2022-42176
7.8HIGH
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.
10/20/2022CWE-798, CWE-798
CVE-2024-24324
9.8CRITICAL
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.
1/30/2024CWE-798, CWE-798
CVE-2023-24501
9.8CRITICAL
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit.
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit.
4/17/2023CWE-798, CWE-798
CVE-2024-5471
8.8HIGH
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys.
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys.
7/17/2024CWE-798, CWE-798
CVE-2023-41919
9.8CRITICAL
Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access.
Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access.
7/2/2024CWE-798, CWE-798
CVE-2019-10979
9.8CRITICAL
SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.
SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.
7/1/2019CWE-798, CWE-798
CVE-2024-51431
9.8CRITICAL
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.
11/1/2024CWE-798, CWE-798
CVE-2023-40236
5.3MEDIUM
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.
12/25/2023CWE-798, CWE-798
CVE-2023-39169
9.8CRITICAL
The affected devices use publicly available default credentials with administrative privileges.
The affected devices use publicly available default credentials with administrative privileges.
12/7/2023CWE-798, CWE-798
CVE-2023-30352
9.8CRITICAL
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed.
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed.
5/10/2023CWE-798, CWE-798
CVE-2022-48067
5.5MEDIUM
An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack.
An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack.
1/27/2023CWE-798, CWE-798
CVE-2022-44096
9.8CRITICAL
Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.
Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.
11/30/2022CWE-798, CWE-798
CVE-2024-6656
9.8CRITICAL
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13.
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13.
9/13/2024CWE-798, CWE-798
CVE-2024-42638
9.8CRITICAL
H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
8/16/2024CWE-798, CWE-798
CVE-2022-37255
7.5HIGH
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603.
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603.
4/16/2023CWE-798, CWE-798
CVE-2023-24149
9.8CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.
2/3/2023CWE-798, CWE-798
CVE-2022-44097
9.8CRITICAL
Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.
Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.
11/30/2022CWE-798, CWE-798
CVE-2022-23942
7.5HIGH
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.
4/26/2022CWE-798, CWE-798
CVE-2022-22722
7.5HIGH
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active contro
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active contro...
2/4/2022CWE-798
Mostrando 50 de many CVEs