CVE-2025-9380

A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is...

CVE-2025-9310

A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRentalwar/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack ma...

CVE-2025-9091

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etcro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high...

Belkin F9K1009 and Belkin F9K1010 Hardcoded Credential Vulnerabilities

The Belkin F9K1009 and Belkin F9K1010 are both a wireless router from Belkin Canada. The Belkin F9K1009 and Belkin F9K1010 have a hard-coded credential vulnerability that can be exploited by an attacker to gain access to the devices...

PT-2025-32361 · Belkin · Belkin F9K1009 +1

Name of the Vulnerable Software and Affected Versions: Belkin F9K1009 versions 2.00.04 through 2.00.09 Belkin F9K1010 versions 2.00.04 through 2.00.09 Description: A critical issue exists in the Web Interface component due to hard-coded credentials. This allows for remote attacks. The exploit has...

CVE-2014-125121

Array Networks vAPV version 8.3.2.17 and vxAG version 9.2.0.34 appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials or SSH private key and insecure permissions on a startup script. The devices ship with a default SSH login or a...

CVE-2019-19145

Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords...

CVE-2014-125121 Array Networks vAPV and vxAG Default Credential Privilege Escalation

Array Networks vAPV version 8.3.2.17 and vxAG version 9.2.0.34 appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials or SSH private key and insecure permissions on a startup script. The devices ship with a default SSH login or a...

PT-2025-31541 · Undefined · Undefined

Array Networks vAPV version 8.3.2.17 and vxAG version 9.2.0.34 appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials or SSH private key and insecure permissions on a startup script. The devices ship with a default SSH login or a...

Android-Reports-and-Resources

It is an offensive tool for Android. This repository contains a list of Android Hackerone disclosed reports and other resources, including hardcoded credentials, WebView vulnerabilities, insecure deeplinks, and RCE/ACE exploits. The primary report is CVE-2021-XXXX-XXXX, but only a few reports are...

CVE-2025-45466

Unitree Go1 = Go120220511 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext...

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVE-2025-45466

Unitree Go1 = Go120220511 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext...

CVE-2025-45466

CVE-2025-45466 affects Unitree Go1 (and Go1_2022_05_11 and older) due to hardcoded plaintext credentials causing an Improper Access Control vulnerability. The issue enables network-based access with no user interaction, requiring low privileges and low attack complexity; the impact is high confid...

PT-2025-30848 · Unitree · Unitree Go 1

Name of the Vulnerable Software and Affected Versions: Unitree Go1 versions through Go1 2022 05 11 Description: The Unitree Go1 is susceptible to an incorrect access control issue. This is due to authentication credentials being hardcoded in plaintext. Recommendations: Unitree Go1 versions throug...

CVE-2025-54137

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVE-2025-31953

HCL iAutomate is affected by a vulnerability due to hardcoded credentials that could lead to confidential data exposure. Affected component: HCL iAutomate (no specific versions provided in the documents). Root cause: hardcoded credentials enabling potential unauthorized access. Impact: confidenti...

CVE-2025-31953 HCL iAutomate is affected by hardcoded credentials

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...