CVE-2025-41696

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

CVE-2025-41696

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

CVE-2025-41696 Hardcoded User Password

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

CVE-2025-41696

CVE-2025-41696 describes an attack where an attacker can use an undocumented UART port on the PCB as a side-channel, leveraging user credentials obtained from CVE-2025-41692 to gain read access to parts of the device filesystem. Public Red Hat and EUVD entries corroborate the UART side-channel ve...

PT-2025-49815

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

Phoenix Contact FL SWITCH 信任管理问题漏洞

The PHOENIX CONTACT FL SWITCH is an industrial grade Ethernet switch from PHOENIX CONTACT, Germany. A trust management issue vulnerability exists in Phoenix Contact FL SWITCH versions prior to 3.50, which stems from undocumented UART ports and hardcoded credentials that could result in a partial...

CVE-2025-14126

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...

CVE-2025-14126 TOZED ZLT M30S/ZLT M30S PRO Web hard-coded credentials

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...

EUVD-2025-201412

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication...

CVE-2025-29268

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library...

CVE-2025-65730

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication...

EUVD-2025-201251

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library...

CVE-2025-29268

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library...

CVE-2025-29268

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library...

CVE-2025-29268

CVE-2025-29268 affects ALLNET ALL-RUT22GW v3.3.8. The flaw stores hardcoded credentials in the libicos.so library, aligning with the CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and a base score of 9.8 (CRITICAL). Impact spans confidentiality, integrity, and availability. Public referenc...

CVE-2025-29268

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library...

PT-2025-49120

Name of the Vulnerable Software and Affected Versions ALLNET ALL-RUT22GW version 3.3.8 Description The ALLNET ALL-RUT22GW device version 3.3.8 stores hardcoded credentials within the libicos.so library. These credentials are present in the library and could potentially be exposed. Recommendations...

CVE-2025-29268

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library...

CVE-2018-25126

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

EUVD-2025-199000

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...