CVE-2019-15015

In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system...

CVE-2013-0694

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...

CVE-2018-17558

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03...

CVE-2017-7576

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...

CVE-2016-2358

Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts...

The Ongoing Risks of Hardcoded JWT Keys

In early May 2025, Cisco released software fixes to address a flaw in its IOS XE Software for Wireless LAN Controllers WLCs. The vulnerability, tracked as CVE-2025-20188, has a CVSS score of 10.0 and could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible syste...

TeleMessage archiving backend 安全漏洞

TeleMessage archiving backend is an enterprise-grade communications archiving platform from TeleMessage Israel that supports SMS/voice/social media compliant storage and auditing. A security vulnerability exists in TeleMessage archiving backend version 2025-05-05 and earlier, which stems from API...

PT-2025-20382 · Telemessage · Telemessage Archiving Backend

Name of the Vulnerable Software and Affected Versions: TeleMessage archiving backend versions through 2025-05-05 Description: The issue concerns the acceptance of API calls from the TM SGNL aka Archive Signal app to request an authentication token, using hardcoded credentials. The credentials use...

VulnCheck KEV: CVE-2021-27162

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP...

CVE-2025-32985

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files...

CVE-2025-32985

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files...

CVE-2025-32985

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files...

PT-2025-17943 · Netscout · Netscout Ngeniusone

Name of the Vulnerable Software and Affected Versions: NETSCOUT nGeniusONE versions prior to 6.4.0 b2350 Description: The issue concerns hardcoded credentials in NETSCOUT nGeniusONE that can be obtained from JAR files. Recommendations: For versions prior to 6.4.0 b2350, update to version 6.4.0...

CVE-2025-32985

CVE-2025-32985 affects NETSCOUT nGeniusONE prior to version 6.4.0 b2350. Root cause: hardcoded credentials embedded in a JAR file, enabling credential disclosure that leads to a high-impact loss of confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). The vulnerability is descri...

CVE-2025-32985

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files...

CVE-2025-32985

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files...

CVE-2025-28230

Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded administrator credentials...

CVE-2025-3426

We observed that Intellispace Portal binaries doesn’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-enginee...

CVE-2024-41794

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they ar...

CVE-2024-41794

The CVE-2024-41794 entry refers to Siemens SENTRON 7KT PAC1260 Data Manager (All versions) with hardcoded credentials enabling remote root access. Affected devices could be accessed unauthenticated remotely if SSH is enabled, potentially allowing full device compromise. The related CVE-2024-41793...