CVE-2025-9725

A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...

CVE-2025-9725

CVE-2025-9725 – Cudy LT500E Web shadow hard-coded password . The vulnerability affects LT500E devices up to firmware 2.3.12, in the Web Interface’s /squashfs-root/etc/shadow function, allowing use of a hard-coded password. Exploitation is local, with high attack complexity and reported exploitabi...

CVE-2025-9725 Cudy LT500E Web shadow hard-coded password

A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...

CVE-2025-9725 Cudy LT500E Web shadow hard-coded password

A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...

CVE-2025-8857

Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code...

CVE-2025-9604

A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...

CVE-2025-56577

An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys...

PT-2025-35412

Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.19 Description: A vulnerability exists in Tenda AC9 version 15.03.05.19 related to hard-coded credentials within the Administrative Interface component. The vulnerability resides in an unknown function of the /etc...

PT-2025-35404

Name of the Vulnerable Software and Affected Versions Cudy LT500E versions prior to 2.3.13 Description A vulnerability exists in Cudy LT500E up to version 2.3.12. The issue resides in an unknown function within the /squashfs-root/etc/shadow file of the Web Interface component, leading to the use ...

Cudy LT500E 安全漏洞

The Cudy LT500E is a wireless router from the Chinese company Cudy. A security vulnerability exists in the Cudy LT500E version 2.3.12 and earlier, which stems from the firmware's use of hard-coded passwords in the /squashfs-root/etc/shadow file...

CVE-2025-41702

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key...

CVE-2025-58081

Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier allows a remote unauthenticated attacker to view arbitrary files with root privileges...

Linux Distros Unpatched Vulnerability : CVE-2024-58134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These...

CVE-2025-56577

An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys...

CVE-2025-56577

An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys...

CVE-2025-8857

Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code...

CVE-2025-8857 Changing｜Clinic Image System - Use of Hard-coded Credentials

Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code...

CVE-2025-8857

CVE-2025-8857 concerns the Clinic Image System developed by Changing, where the vulnerability arises from hard-coded administrator credentials embedded in the source code. The impact described across connected documents is unauthenticated remote login to the system, potentially compromising confi...

CVE-2025-8857 Changing｜Clinic Image System - Use of Hard-coded Credentials

Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code...

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the form of AuthSecretKey, StateSecretKey, and OAuthTokenSecretKey as defined in aes.go, which are used when generating the callback URL for OAuth authentication. Remediation Upgrade...