CVE-2024-54749

Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a firmware image; however, the device cannot ...

CVE-2024-54745

WAVLINK WN701AE M01AEV240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

CVE-2024-52789

Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etcro/shadow, which allows attackers to log in as root...

CVE-2024-52788

Tenda W9 v1.0.0.74456 was discovered to contain a hardcoded password vulnerability in /etcro/shadow, which allows attackers to log in as root...

CVE-2023-41610

Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext...

CVE-2023-39808

N.V.K.INTER CO., LTD. NVK iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service...

CVE-2023-37608

An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...

CVE-2023-28654

Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through...

CVE-2022-36615

TOTOLINK A3000RU V4.1.2cu.5185B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample...

CVE-2022-37857

bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default...

CVE-2022-36611

TOTOLINK A800R V4.1.2cu.5137B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample...

CVE-2022-36610

TOTOLINK A720R V4.1.5cu.532B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample...

CVE-2022-36616

TOTOLINK A810R V4.1.2cu.5182B20201026 and V5.9c.4050B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample...

CVE-2022-36614

TOTOLINK A860R V4.1.2cu.5182B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample...

CVE-2022-36612

TOTOLINK A950RG V4.1.2cu.5204B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample...

CVE-2022-34005

An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...

CVE-2022-36613

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample...

CVE-2022-45291

PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...

CVE-2022-25577

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data...

CVE-2021-27172

An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh...