8175 matches found
CVE-2025-2555
Audi Universal Traffic Recorder App 2.0 is affected by CVE-2025-2555 due to a hard-coded password in the FTP Credentials component. The issue enables local attack exploitation; attack complexity is high and exploitation is disclosed publicly. Upgrading to version 2.89 (new customers) or 2.90 (exi...
CVE-2024-12433
A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the serve...
CVE-2024-12433
CVE-2024-12433 affects infiniflow/ragflow v0.12.0. The RPC server uses a hard-coded AuthKey (authkey=b'infiniflow-token4kevinhu') and deserializes incoming data with pickle.loads() on connection.recv(), enabling remote code execution. Fixed in v0.14.0. A proof-of-concept (PoC) is available in publi...
Esri ArcGIS Enterprise Trust Management Issue Vulnerability
Esri Portal for ArcGIS is a Web-based geographic information system (GIS) platform. A hard-coded credentials vulnerability exists in Esri Portal for ArcGIS, which can be exploited by an attacker to gain administrative access to the system...
Audi Universal Traffic Recorder App Security Vulnerability
The Audi Universal Traffic Recorder App is a special app for traffic recorders from Audi, which can be used to connect to a traffic recorder, view previews, lock videos, and other operations. A security vulnerability exists in the Audi Universal Traffic Recorder App version 2.0, which stems from...
Audi UTR Dashcam Security Vulnerability
Audi UTR Dashcam is a high performance Audi car recorder from Audi Germany. It is used to accurately videotape and record details during driving. A security vulnerability exists in Audi UTR Dashcam version 2.0, which stems from the use of hard-coded credentials by the Video Stream Handler...
CVE-2024-48831
Dell SmartFabric OS10 Software, versions 10.5.6.x, contains a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access...
CVE-2019-17659
A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image...
CVE-2024-54027
A Use of Hard-coded Cryptographic Key vulnerability (CWE-321) in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access t...
CVE-2025-2343
A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this atta...
CVE-2025-2342
A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the...
ROADCAM X3 Security Vulnerability
ROADCAM X3 is a car recorder with HD quality and easy to carry by ROADCAM. It is used to record the process of driving, and supports video cropping, sharing and other functions. ROADCAM X3 suffers from a security vulnerability that originates from the inclusion of hard-coded FTP credentials in th...
IROAD APK Security Vulnerability
The IROAD APK is a mobile application from IROAD that works with the IROAD Car Recorder. A security vulnerability exists in IROAD APK version 5.2.5, which stems from the use of hard-coded credentials on ports 9091 and 9092 in the APK, which could allow an attacker to access the API endpoint and...
Forvia Hella HELLA Driving Recorder DR 820 Security Vulnerability
Forvia Hella HELLA Driving Recorder DR 820 is a driving recorder from Forvia. A security vulnerability exists in Forvia Hella HELLA Driving Recorder DR 820, which stems from the use of hard-coded credentials on ports 9091 and 9092 in the APK, which allows an attacker to gain unauthorized access t...
IROAD V Series Security Vulnerability
IROAD V Series is a series of car recorders from IROAD. The IROAD V Series suffers from a security vulnerability that stems from the use of hard-coded default credentials in the car recorder, which allows an attacker to connect to the device's network within Wi-Fi range to sniff it...
CVE-2024-48831
Summary: CVE-2024-48831 affects Dell SmartFabric OS10 Software, specifically version 10.5.6.x. The vulnerability is a hard-coded password issue that could allow an unauthenticated, local attacker to gain unauthorized access. What’s affected: Dell SmartFabric OS10 (OS10) software; exact impacted b...