Lucene search

3027 matches found

VulnCheck KEV
added 2020/03/27 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2018-25126

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

CVSS 9.3 · AI score 5.8 · EPSS 0.03884
Exploits: 0 · References: 1

Prion
added 2020/03/26 1:15 p.m. · 17 views

Hardcoded credentials

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alte...

CVSS 7.5 · AI score 8.6 · EPSS 0.02976
Exploits: 2 · References: 2 · Affected Software: 2

Prion
added 2020/03/24 8:15 p.m. · 18 views

Hardcoded credentials

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console...

CVSS 10 · AI score 9.5 · EPSS 0.01646
Exploits: 0 · References: 1 · Affected Software: 55

Prion
added 2020/03/20 6:15 p.m. · 21 views

Hardcoded credentials

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface...

CVSS 7.2 · AI score 6.7 · EPSS 0.00297
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2020/03/13 7:15 p.m. · 3 views

CVE-2019-14309

Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcoded within the printer firmware. This would allow an attacker to access and read information stored on the shared FTP folders...

CVSS 7.5 · AI score 7.1 · EPSS 0.01196
Exploits: 0 · References: 2

Prion
added 2020/03/13 7:15 p.m. · 10 views

Hardcoded credentials

Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcoded within the printer firmware. This would allow an attacker to access and read information stored on the shared FTP folders...

CVSS 5 · AI score 7.4 · EPSS 0.01196
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2020/03/13 6:47 p.m. · 67 views

CVE-2019-14309

Ricoh SP C250DN 1.05 devices are affected by CVE-2019-14309 due to hardcoded FTP service credentials embedded in the printer firmware. This enables an attacker to access and read information in the shared FTP folders. The issue stems from a fixed password in the device firmware, but the provided ...

CVSS 7.5 · AI score 7.3 · EPSS 0.01196
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2020/03/13 12:0 a.m. · 4 views

PT-2020-6822 · Zyxel · Zyxel Cloudcnm Secumanager

Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1

Description: The issue is related to the implementation of the CPE WAN Management Protocol TR-069 in the Zyxel CloudCNM SecuManager software, which uses hardcoded credentials when handli...

CVSS 7.8 · AI score 7.5 · EPSS 0.00738
Exploits: 1 · References: 4

Prion
added 2020/03/12 2:15 p.m. · 24 views

Hardcoded credentials

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate and ke...

CVSS 5 · AI score 7.6 · EPSS 0.01156
Exploits: 3 · References: 4 · Affected Software: 6

Prion
added 2020/03/02 2:15 p.m. · 12 views

Hardcoded credentials

IBM Security Information Queue ISIQ 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 1762...

CVSS 5 · AI score 8.2 · EPSS 0.01097
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2020/02/28 10:15 p.m. · 22 views

Hardcoded credentials

BigFix Self-Service Application SSA is vulnerable to arbitrary code execution if JavaScript code is included in Running Message or Post Message HTML...

CVSS 6 · AI score 8.5 · EPSS 0.01215
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2020/02/13 11:15 p.m. · 18 views

Hardcoded credentials

QNAP VioCard 300 has hardcoded RSA private keys...

CVSS 5 · AI score 7.1 · EPSS 0.01524
Exploits: 1 · References: 2 · Affected Software: 1

Prion
added 2020/02/13 11:15 p.m. · 10 views

Hardcoded credentials

Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts...

CVSS 5 · AI score 7.3 · EPSS 0.01175
Exploits: 1 · References: 2 · Affected Software: 12

Prion
added 2020/02/13 3:15 a.m. · 16 views

Hardcoded credentials

TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcode...

CVSS 10 · AI score 9.5 · EPSS 0.03657
Exploits: 1 · References: 1 · Affected Software: 10

Prion
added 2020/02/11 3:15 p.m. · 22 views

Hardcoded credentials

Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page...

CVSS 4.3 · AI score 6.2 · EPSS 0.01915
Exploits: 1 · References: 9 · Affected Software: 7

Prion
added 2020/02/07 7:15 p.m. · 12 views

Hardcoded credentials

D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability...

CVSS 4.3 · AI score 7.1 · EPSS 0.01327
Exploits: 1 · References: 3 · Affected Software: 1

Prion
added 2020/02/06 6:15 p.m. · 17 views

Hardcoded credentials

An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002...

CVSS 2.1 · AI score 6.5 · EPSS 0.02726
Exploits: 0 · References: 3

Prion
added 2020/02/06 6:15 p.m. · 24 views

Hardcoded credentials

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key hardcoded as EONAPIKEY in include/apifunctions.php for API version 2.4.2 by default for all installations, hence allowing an attacker to calculate/guess the admin access token...

CVSS 5 · AI score 9.3 · EPSS 0.91874
Exploits: 4 · References: 2 · Affected Software: 1

Prion
added 2020/01/30 2:15 p.m. · 11 views

Hardcoded credentials

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive...

CVSS 5 · AI score 6.9 · EPSS 0.01307
Exploits: 1 · References: 3 · Affected Software: 1

Prion
added 2020/01/28 10:15 p.m. · 15 views

Hardcoded credentials

An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05TESCO, TESCO DCS-2102 1.05TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06FR, DCS-2121 1.06...

CVSS 5 · AI score 7 · EPSS 0.16129
Exploits: 6 · References: 5 · Affected Software: 17