CVE-2024-46436

Hardcoded credentials in Tenda W18E V16.01.0.81625 allows unauthenticated remote attackers to gain root access to the device over the telnet service...

CVE-2024-46429

CVE-2024-46429 concerns a hardcoded credentials vulnerability in the Tenda W18E web management portal. Affected component: W18E device web interface (V16.01.0.8(1625)). Root cause: presence of a default guest account with administrative privileges that can be used by unauthenticated remote attack...

CVE-2022-4333

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...

CVE-2020-6265

SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce Data Hub, versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials...

CVE-2024-28751

An high privileged remote attacker can enable telnet access that accepts hardcoded credentials...

CVE-2024-4844

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...

CVE-2024-50692

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT...

CVE-2024-50692

The CVE-2024-50692 entry concerns SunGrow WiNet-SV200.001.00.P027 and earlier versions that ship with hardcoded MQTT credentials, enabling an attacker to send arbitrary commands to an inverter. TLS is not used to identify the MQTT broker, enabling impersonation and making MQTT communications susc...

CVE-2024-48126

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access...

CVE-2024-48126

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access...

PT-2025-2792 · Unknown · Hi-Scan 6040I

Name of the Vulnerable Software and Affected Versions: HI-SCAN 6040i Hitrax HX-03-19-I Description: The issue concerns hardcoded credentials in the system, which could allow unauthorized access to vendor support and service access. Recommendations: For HI-SCAN 6040i Hitrax HX-03-19-I, consider...

CVE-2024-48126

CVE-2024-48126 affects the HI-SCAN 6040i Hitrax HX-03-19-I: hardcoded credentials in the device enable access to vendor support and service functions. The vulnerability is rated CVSS v3.1: 9.8 (CRITICAL) with Network attack vector and no authentication required, causing high confidentiality, inte...

CVE-2024-48126

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access...

CVE-2024-28146 Hardcoded credentials

The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...

CVE-2024-28146 Hardcoded credentials

The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...

CVE-2024-10773

The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device...

CVE-2024-10773

The CVE-2024-10773 entry affects SICK InspectorP61x, InspectorP62x and TiM3xx devices. Root cause: pass-the-hash attacks enabled by hardcoded hidden-user credentials, allowing an attacker to log in as hidden levels and gain full device access. Affected versions are InspectorP61x and InspectorP62x...

CVE-2024-10773 SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable for pass-the-hash attacks

The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device...

PT-2024-16533 · Sick · Sick Tim3Xx +2

Name of the Vulnerable Software and Affected Versions: SICK InspectorP61x versions affected versions not specified SICK InspectorP62x versions affected versions not specified SICK TiM3xx versions affected versions not specified Description: The product is vulnerable to pass-the-hash attacks in...

Improper Authentication

Overview cobbler is a network install server. Affected versions of this package are vulnerable to Improper Authentication due to the utils.getsharedsecret function. An attacker can gain full control of the server by connecting to the cobbler XML-RPC server using a hardcoded user and password...