CVE-2024-28812

An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service on the local management network interface with hardcoded credentials allows attackers to access the appliance operating system with highest privileges via an SSH connection...

CVE-2024-48126

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access...

CVE-2024-28809

An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials...

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...

CVE-2023-27098

TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel...

CVE-2023-23324

Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account...

CVE-2023-24022

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

CVE-2022-30314

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...

CVE-2022-46637

Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services...

CVE-2022-4780

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change...

CVE-2022-48113

A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...

CVE-2022-45766

Hardcoded credentials in Global Facilities Management Software GFMS Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes...

CVE-2022-44097

Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel...

CVE-2022-25045

Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel...

CVE-2022-24657

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...

CVE-2025-46176

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis...

CVE-2025-46176

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis...

PT-2025-22819 · D Link · D-Link Dir-816L +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 D-Link DIR-816L version 2.06B01 Description: The issue concerns hardcoded credentials in the Telnet service, allowing attackers to remotely execute arbitrary commands via firmware analysis. Recommendations: For...

CVE-2025-46176

The CVE-2025-46176 entry concerns hardcoded credentials in the Telnet service of D-Link DIR-605L (v2.13B01) and DIR-816L (v2.06B01). The root cause is hardcoded credentials in Telnet, which allows attackers to remotely execute arbitrary commands via firmware analysis. Documented impact is remote ...

CVE-2022-36170

MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion...