7862 matches found
CVE-2026-35075
CVE-2026-35075: An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image, gaining full access to all affected devices. The Connected documents confirm the vulnerability allows extraction of the credential from firmware and implies full device compromise;...
ZyXel USG - Hardcoded Credentials
A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP. id: CVE-2020-29583 info: name: ZyXel USG - Hardcoded Credentials autho...
TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability
A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747B20191224. This vulnerability affects an unknown part of the file /webcste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely...
EVlink City < R8 V3.4.0.1 - Authentication Bypass
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker t...
PT-2026-45916
An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...
CVE-2019-25722
Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...
CVE-2019-25722
The CVE-2019-25722 entry concerns Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL). Affected component: source code contains hard-coded plaintext credentials that can be used by a local attacker to access service and clinical accounts; a remote attacker can send m...
CVE-2019-25722
Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...
CVE-2019-25722 Dräger SC Monitoring Devices Hard-coded Credentials and DoS
Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...
EUVD-2019-20158
Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...
CVE-2019-25722 Dräger SC Monitoring Devices Hard-coded Credentials and DoS
Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...
PT-2026-45811
Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty
Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than...
CVE-2026-42251
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...
CVE-2026-42251
The CVE concerns KS-SOMED where hard-coded credentials in KSPLUPDFTP.exe (up to 30.00.00.056) and ANEKSKLIENT.EXE (up to 29.00.02.026) allowed an unauthorized actor to access an FTP server hosting update packages. This could enable uploading a malicious update that might be distributed and instal...
CVE-2026-42251
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...
CVE-2026-42251 Hard-coded credentials in KS-SOMED
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...
EUVD-2026-33642
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...
CVE-2026-42251 Hard-coded credentials in KS-SOMED
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...
CVE-2026-25600
The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...