CVE-2024-39208

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...

CVE-2021-27430

GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR...

CVE-2024-41794

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they ar...

Ruckus vRIoT IoT Controller 信任管理问题漏洞

Ruckus vRIoT IoT Controller is a virtual wireless IoT controller from Ruckus USA. A trust management issue vulnerability exists in Ruckus vRIoT IoT Controller versions prior to 3.0.0.0 that stems from hard-coded credentials and could lead to the execution of arbitrary code...

PT-2026-1952

Name of the Vulnerable Software and Affected Versions Ruckus vRIoT IoT Controller versions prior to 3.0.0.0 GA Description The Ruckus vRIoT IoT Controller firmware exposes a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcod...

📄 Hustle Plugin 7.8.3 Hardcoded Credentials

Hustle plugin versions 7.8.3 and below contain hardcoded HubSpot API credentials in inc/providers/hubspot/hustle-hubspot-api.php. CVE-2024-0368 Hustle Plugin = 7.8.3 contains hardcoded HubSpot API credentials in inc/providers/hubspot/hustle-hubspot-api.php Vulnerability Summary | Field | Value |...

PT-2026-1953

Name of the Vulnerable Software and Affected Versions Ruckus vRIoT IoT Controller versions prior to 3.0.0.0 Description The Ruckus vRIoT IoT Controller firmware contains hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessib...

CVE-2025-68718

KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or change the hardcoded password. Changing the management GUI password does not affect SSH/TELNET...

PT-2026-1920

Name of the Vulnerable Software and Affected Versions KAYSUS KS-WR1200 version 107 Description KAYSUS KS-WR1200 routers with firmware version 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or...

CVE-2025-68718

KAYSUS KS-WR1200 routers, firmware 107, expose SSH and TELNET on the LAN interface with hardcoded credentials (root:12345678). The administrator cannot disable these services or change the hardcoded password, and changing the management GUI password has no effect on SSH/TELNET authentication. Any...

CVE-2019-7227

In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor ...

CVE-2019-12550

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET...

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVE-2020-36915

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

CVE-2020-36915 Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

PT-2026-1449

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

Adtec Digital SignEdje Digital Signage Player 安全漏洞

Adtec Digital SignEdje Digital Signage Player is a digital signage player from Adtec Digital, USA. A security vulnerability exists in Adtec Digital SignEdje Digital Signage Player version v2.08.28, which stems from the presence of multiple hardcoded default credentials that could result in gainin...

EUVD-2022-55940

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions...

CVE-2022-50696

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions...

CVE-2022-50696

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions...