CVE-2025-30137

An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to...

GNET G-ONX 安全漏洞

GNET G-ONX is a series of car recorders from GNET. A security vulnerability exists in GNET G-ONX version 2.6.2, which stems from the inclusion of hard-coded credentials in the APK that could lead to unauthorized access...

CVE-2025-30137

CVE-2025-30137 affects the G-Net GNET APK 2.6.2. The issue is hardcoded credentials in the APK that grant unauthorized access to dashcam API endpoints on ports 9091 and 9092. Credentials reported: for port 9091, TibetList and 000000 to list settings; for port 9092 (stream), admin + tibet. Setting...

CVE-2025-30113

CVE-2025-30113 affects the Forvia Hella HELLA Driving Recorder DR 820. The dashcam Android APK stores hardcoded credentials in cleartext, enabling unauthorized access to device settings via network ports 9091 and 9092. Affects the dashcam/app, with root cause described as hardcoded credentials in...

CVE-2025-30106

The CVE-2025-30106 entry concerns IROAD v9 dashcams that ship with hardcoded default credentials ("qwertyuiop") which cannot be changed by the user. The credential hardening absence enables an attacker within Wi‑Fi range to connect to the device’s network for sniffing. Public sources in the conne...

CVE-2025-25729

An information disclosure vulnerability in Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 allows attackers to obtain hardcoded cleartext credentials via the update or boot process...

CVE-2025-25570

Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials...

CVE-2024-50688

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application regardless of the user account and the cloud uses the same MQTT credentials for exchanging the device telemetry...

CVE-2025-25570

Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials...

CVE-2025-25570

Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials...

PT-2025-9029

Name of the Vulnerable Software and Affected Versions Vue Vben Admin version 2.10.1 Description The issue allows unauthorized login to the backend due to an problem with hardcoded credentials. Recommendations For Vue Vben Admin version 2.10.1, update to a version that removes the hardcoded...

CVE-2025-25729

CVE-2025-25729 concerns a data disclosure in Bosscomm IF740 firmware (versions 11001.7078 & v11001.0000) and System versions 6.25 & 6.00. The root cause is information exposed via the update or boot process, enabling an attacker to obtain hardcoded cleartext credentials. The CVE entry and related...

CVE-2025-25729

An information disclosure vulnerability in Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 allows attackers to obtain hardcoded cleartext credentials via the update or boot process...

CVE-2025-25729

An information disclosure vulnerability in Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 allows attackers to obtain hardcoded cleartext credentials via the update or boot process...

CVE-2025-25570

Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials...

CVE-2025-25570

CVE-2025-25570 affects Vue Vben Admin 2.10.1, with a broken authentication flaw caused by hardcoded credentials that allows unauthorized login to the backend. The Nuclei template explicitly documents a default-credentials scenario and the Red Hat/NVD entries reiterate unauthorized backend access ...

CVE-2024-50688

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application regardless of the user account and the cloud uses the same MQTT credentials for exchanging the device telemetry...

CVE-2024-50688

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application regardless of the user account and the cloud uses the same MQTT credentials for exchanging the device telemetry...

CVE-2024-50688

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application regardless of the user account and the cloud uses the same MQTT credentials for exchanging the device telemetry...

CVE-2024-50688

SunGrow iSolarCloud Android app (v2.1.6.20241017 and earlier) uses hardcoded MQTT credentials for device telemetry, with the same credentials in the app and cloud. The vulnerability is described as enabling attackers to gain unauthorized access to user accounts and potentially execute arbitrary c...