EUVD-2025-205867

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. T...

CVE-2025-15371

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. T...

CVE-2025-15371 Tenda i24 Shadow File hard-coded credentials

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. T...

CVE-2025-15371

Affected products: Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to version 65.10.15.6. Root cause: manipulation of the Shadow File component via input Fireitup, enabling hard-coded credentials. Local access required. Public exploit details exist. Remediation: upgrade to a...

CVE-2025-15371 Tenda i24 Shadow File hard-coded credentials

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. T...

EUVD-2023-60534

Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms...

Tenda多款产品 信任管理问题漏洞

Tenda i24 and others are products of Tenda, a Chinese company. tenda i24 is a wireless router. tenda 4G03 is a wireless router tenda 4G05 is a wireless router. A trust management issue vulnerability exists in various Tenda products.The vulnerability stems from incorrect operation of the Shadow Fi...

PT-2025-54267

Name of the Vulnerable Software and Affected Versions Tenda i24 versions prior to 65.10.15.7 Tenda 4G03 Pro versions prior to 65.10.15.7 Tenda 4G05 versions prior to 65.10.15.7 Tenda 4G08 versions prior to 65.10.15.7 Tenda G0-8G-PoE versions prior to 65.10.15.7 Tenda Nova MW5G versions prior to...

PT-2025-54425

Name of the Vulnerable Software and Affected Versions Cypress Solutions CTM-200/CTM-ONE version 1.3.6 Description The software contains a hard-coded credential issue in its Linux distribution, exposing root access. An attacker can exploit the static password 'Chameleon' to gain remote root access...

Cypress CTM-ONE 信任管理问题漏洞

The Cypress CTM-ONE is a wireless LTE gateway from Cypress Canada. A trust management issue vulnerability exists in Cypress CTM-ONE version 1.3.6, which stems from the presence of hard-coded credentials in the Linux distribution that could allow an attacker to gain remote root access...

CVE-2023-53983

Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms...

SOUND4多款产品 信任管理问题漏洞

SOUND4 IMPACT and others are products of SOUND4, a French company.SOUND4 IMPACT is a professional broadcast audio processor.SOUND4 FIRST is an audio processor for broadcasting.SOUND4 PULSE is an audio processor. A trust management issue vulnerability exists in various SOUND4 products that stems...

rustfs 信任管理问题漏洞

rustfs is a high performance object storage system from the RustFS open source. A trust management issue vulnerability exists in versions prior to rustfs 1.0.0-alpha.77, which stems from the use of hard-coded static tokens for gRPC authentication, and could lead to privileged operations such as...

PT-2025-54252

Name of the Vulnerable Software and Affected Versions Anevia Flamingo XL/XS version 3.6.20 Description The software contains a critical issue involving weak default administrative credentials. Attackers can easily guess these credentials to gain full remote system control without complex...

CVE-2025-15107

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is...

CVE-2025-15108

A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key . The attack may be...

Exploit for Use of Hard-coded Credentials in Gladinet Centrestack

CVE-2025-14611 CentreStack and Triofox full Poc/Exploit Su...

CVE-2025-15105

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the config.yml file. An attacker can gain unauthorized access to sensitive information by exploiting the presence of a hard-coded cryptographic key. Remediation A fix was pushed into the master...

CVE-2025-15108

A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key . The attack may be...