3831 matches found
CVE-2026-42929
CVE-2026-42929 affects the Danelec MacGregor Voyage Data Recorder (VDR) — specifically the G4e line — where default accounts are hard-coded. This represents a credential-related vulnerability (high impact) with CVSS 3.1/3.4-like metrics indicating unauthorized access potential from adjacent netwo...
CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials
Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...
CVE-2026-7786
The CVE-2026-7786 affects Jinan USR IOT’s USR-W610 RS232/485 to Wi‑Fi/Ethernet Converter. The firmware image contains plaintext administrative credentials that can be extracted via firmware analysis and used to authenticate to device services, enabling administrator access. Reported CVSS v3.1 sco...
CVE-2026-46376
FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...
CVE-2026-46376
FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...
CVE-2026-46376 FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...
CVE-2026-46376 FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...
EUVD-2026-33295
FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...
CVE-2026-46376
FreePBX UCP vulnerability (CVE-2026-46376): from 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may access the User Control Panel via hard-coded initial template credentials if not changed by the admin. Post-exploitation requires only no admin steps beyond initial UCP setup; authenti...
PT-2026-44926
Name of the Vulnerable Software and Affected Versions Danelec MacGregor Voyage Data Recorder affected versions not specified Description The software includes default accounts with hard-coded credentials, which can allow unauthorized access to the system. Recommendations At the moment, there is n...
SDMC NE6037 信任管理问题漏洞
SDMC NE6037 is a wired modem produced by SDMC Corporation in China. The SDMC NE6037 cable modem routers come in versions 7.1.6.0.25 and 7.1.6.1.9B9. There are vulnerabilities related to trust management in these versions. The vulnerability stems from hard-coded passwords present in the Web...
Schneider Electric MiCOM Use of Hard-coded Credentials (CVE-2026-4832)
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...
CVE-2026-5065
IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...
CVE-2026-5065
IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...
CVE-2026-5065 IBM Controller is affected by vulnerabilities
IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...
EUVD-2026-32423
IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...
CVE-2026-5065 IBM Controller is affected by vulnerabilities
IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...
CVE-2026-5065
CVE-2026-5065: IBM Controller versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contain hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. Affected products: IBM Controller 11.0.1–11.1.2. Severity is high (CVSS v3.1: 8.8, NETWORK attack vector, ...
PT-2026-43975
Name of the Vulnerable Software and Affected Versions IBM Controller versions 11.0.1 through 11.1.2 Description IBM Controller contains hard-coded credentials, such as passwords or cryptographic keys. These credentials are used for inbound authentication, outbound communication to external...
CVE-2026-9139
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...