PT-2025-6831 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions less than or equal to 2.11.0 Description: The issue is related to a hard-coded password for the root account, allowing an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH. This...

CVE-2024-33504

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability CWE-321 in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the...

CVE-2024-33504

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability CWE-321 in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the...

CVE-2024-54089

CVE-2024-54089 concerns Siemens APOGEE APOGEE PXC Series (BACnet and P2 Ethernet) and TALON TC Series (BACnet). Affected devices reportedly use a weak encryption mechanism based on a hard-coded key, enabling an attacker to guess or decrypt passwords from ciphertext. The available documents identi...

CVE-2024-54089

A vulnerability has been identified in APOGEE PXC Series BACnet All versions, APOGEE PXC Series P2 Ethernet All versions, TALON TC Series BACnet All versions. Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the...

CVE-2025-26410

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...

CVE-2025-26410 Weak Hard-coded Credentials

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...

CVE-2025-26410

Wattsense Bridge firmware prior to 6.4.1 contains hard-coded user/root credentials; recovered passwords enable login via the serial interface, leading to total compromise. The backdoor user has been removed in firmware BSP >= 6.4.1. Recommended remediation: update Wattsense Bridge firmware to ...

CVE-2025-26410 Weak Hard-coded Credentials

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...

CVE-2025-1143

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...

CVE-2025-1143 Billion Electric M120N - Use of Hard-coded Credentials

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...

CVE-2025-1143 Billion Electric M120N - Use of Hard-coded Credentials

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...

Fortinet FortiManager 安全漏洞

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices and the ability to group devices into different administrative domains ADOMs to further simplify multi-device security deployme...

Siemens APOGEE Series 加密问题漏洞

Siemens APOGEE Series is a family of building automation and control systems from Siemens, Germany. The Siemens APOGEE Series suffers from a cryptographic vulnerability that arises from the fact that the affected devices contain a weak encryption mechanism based on hard-coded keys. This could all...

PT-2025-6198 · Unknown · Apogee Pxc Series +1

Name of the Vulnerable Software and Affected Versions: APOGEE PXC Series BACnet All versions APOGEE PXC Series P2 Ethernet All versions TALON TC Series BACnet All versions Description: A vulnerability has been identified in the affected devices, which contain a weak encryption mechanism based on ...

PT-2025-6174 · Wattsense · Wattsense Bridge

Name of the Vulnerable Software and Affected Versions: Wattsense Bridge versions prior to 6.4.1 Description: The firmware of all Wattsense Bridge devices contains the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered...

SolarWinds Web Help Desk 安全漏洞

SolarWinds Web Help Desk is a suite of help desk and asset management software from US-based SolarWinds. The software supports centralized knowledge base, IT asset management, project and task management, and other features. A security vulnerability exists in SolarWinds Web Help Desk versions pri...

Ivanti Connect Secure 安全漏洞

Ivanti Connect Secure ICS is a secure remote network connection tool from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.3 and Ivanti Policy Secure prior to version 22.7R1.3, which stems from the inclusion of a hard-coded key issue...

CVE-2025-1099

CVE-2025-1099 affects the TP-Link/Tapo C500 Wi‑Fi camera. The vulnerability stems from a hard-coded RSA private key embedded in the device firmware, enabling a physically proximate attacker to obtain cryptographic private keys and perform impersonation, data decryption, and man-in-the-middle atta...

Tenda W18E 信任管理问题漏洞

The Tenda W18E is a wireless router from the Chinese company Tenda. The Tenda W18E suffers from a trust management issue vulnerability that stems from the presence of hard-coded credentials, no details of the vulnerability are provided at this time...