8175 matches found
CVE-2024-0865
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user...
CVE-2024-8580
A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather...
CVE-2024-8005
A vulnerability was found in demozx gfcms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. Th...
CVE-2024-8162
A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/webcste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack...
Security Bulletin: Multiple Security Vulnerabilities were found in IBM Security Verify Access Appliance. (CVE-2024-49803, CVE-2024-49804, CVE-2024-49805, CVE-2024-49806)
Summary Multiple Security Vulnerabilities were addressed in the IBM Security Verify Access Appliance management interface. Vulnerability Details CVEID:CVE-2024-49803 DESCRIPTION: IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute...
CVE-2024-9643
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...
CVE-2024-9643
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...
CVE-2024-9643 Four-Faith F3x36 Hidden Debug Credentials
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...
CVE-2024-9643 Four-Faith F3x36 Hidden Debug Credentials
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...
Four-Faith F3x36 安全漏洞
The Four-Faith F3x36 is a portable wireless mobile router from Four-Faith China. A security vulnerability exists in Four-Faith F3x36 version v2.0.0, which stems from the use of hard-coded credentials. An attacker could exploit the vulnerability to gain administrative access via a specially crafte...
PT-2025-3731
Name of the Vulnerable Software and Affected Versions Four-Faith F3x36 router version 2.0.0 Description The issue is related to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via...
CISA: Contec CMS8000 Contains a Backdoor
This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health HPH sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address and functionality that enables patient data...
Elspec G5 Digital Fault Recorder Use of Hard-coded Credentials (CVE-2024-22083)
An issue was discovered in Elspec G5 digital fault recorder. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
SunGrow WiNet-S 安全漏洞
SunGrow WiNet-S is a LAN communication module from SunGrow, China. A trust management issue vulnerability exists in SunGrow WiNet-S version V200.001.00.P027 and prior versions, which stems from the use of hard-coded MQTT credentials. An attacker could use this vulnerability to send arbitrary...
CVE-2024-55927
A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions...
CVE-2024-55927
A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions...
CVE-2024-55927 Flawed token generation implementation & Hard-coded key implementation
A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions...
CVE-2024-55927 Flawed token generation implementation & Hard-coded key implementation
A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions...
CVE-2024-55927
CVE-2024-55927 affects Xerox Workplace Suite. The flaw stems from flawed token generation and hard-coded keys, enabling potential unauthorized access to sensitive functions. Affected versions include those prior to 5.6.701.9. Remediation: update to 5.6.701.9 or later; as a temporary workaround, r...
PT-2025-3155 · Xerox · Xerox Workplace Suite
Name of the Vulnerable Software and Affected Versions: Xerox Workplace Suite versions prior to 5.6.701.9 Description: A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading t...