CVE-2024-50692

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT...

CVE-2024-50692

The CVE-2024-50692 entry concerns SunGrow WiNet-SV200.001.00.P027 and earlier versions that ship with hardcoded MQTT credentials, enabling an attacker to send arbitrary commands to an inverter. TLS is not used to identify the MQTT broker, enabling impersonation and making MQTT communications susc...

CVE-2024-48126

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access...

CVE-2024-48126

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access...

PT-2025-2792 · Unknown · Hi-Scan 6040I

Name of the Vulnerable Software and Affected Versions: HI-SCAN 6040i Hitrax HX-03-19-I Description: The issue concerns hardcoded credentials in the system, which could allow unauthorized access to vendor support and service access. Recommendations: For HI-SCAN 6040i Hitrax HX-03-19-I, consider...

CVE-2024-48126

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access...

CVE-2024-48126

CVE-2024-48126 affects the HI-SCAN 6040i Hitrax HX-03-19-I: hardcoded credentials in the device enable access to vendor support and service functions. The vulnerability is rated CVSS v3.1: 9.8 (CRITICAL) with Network attack vector and no authentication required, causing high confidentiality, inte...

CVE-2024-28146 Hardcoded credentials

The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...

CVE-2024-28146 Hardcoded credentials

The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...

CVE-2024-10773

The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device...

CVE-2024-10773

The CVE-2024-10773 entry affects SICK InspectorP61x, InspectorP62x and TiM3xx devices. Root cause: pass-the-hash attacks enabled by hardcoded hidden-user credentials, allowing an attacker to log in as hidden levels and gain full device access. Affected versions are InspectorP61x and InspectorP62x...

CVE-2024-10773 SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable for pass-the-hash attacks

The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device...

PT-2024-16533 · Sick · Sick Tim3Xx +2

Name of the Vulnerable Software and Affected Versions: SICK InspectorP61x versions affected versions not specified SICK InspectorP62x versions affected versions not specified SICK TiM3xx versions affected versions not specified Description: The product is vulnerable to pass-the-hash attacks in...

Improper Authentication

Overview cobbler is a network install server. Affected versions of this package are vulnerable to Improper Authentication due to the utils.getsharedsecret function. An attacker can gain full control of the server by connecting to the cobbler XML-RPC server using a hardcoded user and password...

The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think

According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public...

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...

CVE-2024-51431

The CVE-2024-51431 entry affects LB-LINK BL-WR 1300H v1.0.4, where hardcoded credentials are stored in /etc/shadow and are easily guessable. Public records (NVD and related feeds) consistently describe this as a credential exposure with high to critical impact potential (CVE details: high confide...

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...