7554 matches found

Positive Technologies
added 2025/08/01 12:0 a.m. · 5 views

PT-2025-31597 · Unknown · Quantum Superloader 3 V94.0 005E.0H

Name of the Vulnerable Software and Affected Versions: Quantum SuperLoader 3 V94.0 005E.0h. Description: Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account due to a limited number of possible passwords (65536). Recommendations: At the moment, there is no...

CVSS 5.8 · AI score 6.4 · EPSS 0.00273
Exploits 0 · References 4

CVE
added 2025/08/01 12:0 a.m. · 15 views

CVE-2019-19145

The CVE-2019-19145 entry affects Quantum SuperLoader 3 devices, specifically version V94.0 005E.0h, due to a hard-coded account with only 65,536 possible passwords, enabling unauthorized access as described in multiple connected sources. The reports describe the root cause as a hard-coded credent...

CVSS 5.8 · AI score 6.7 · EPSS 0.00273
Exploits 0 · References 3

Cvelist
added 2025/08/01 12:0 a.m. · 8 views

CVE-2019-19145

Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords...

CVSS 5.8 · EPSS 0.00273
Exploits 0 · References 3

Vulnrichment
added 2025/08/01 12:0 a.m. · 4 views

CVE-2019-19145

Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords...

CVSS 5.8 · AI score 7.2 · EPSS 0.00273
Exploits 0 · References 3

Cvelist
added 2025/07/31 2:52 p.m. · 14 views

CVE-2014-125121 Array Networks vAPV and vxAG Default Credential Privilege Escalation

Array Networks vAPV version 8.3.2.17 and vxAG version 9.2.0.34 appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials or SSH private key and insecure permissions on a startup script. The devices ship with a default SSH login or a...

CVSS 10 · EPSS 0.00818
Exploits 0 · References 4

Zero Day Initiative
added 2025/07/31 12:0 a.m. · 4 views

(Pwn2Own) QNAP QHora-322 backup Use of Hard-coded Cryptographic Key Privilege Escalation Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the Backup and Restore functionality. The issue results from the use of a...

CVSS 8 · AI score 7.9
Exploits 0 · References 1

Positive Technologies
added 2025/07/31 12:0 a.m. · 7 views

PT-2025-31541 · Undefined · Undefined

Array Networks vAPV version 8.3.2.17 and vxAG version 9.2.0.34 appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials or SSH private key and insecure permissions on a startup script. The devices ship with a default SSH login or a...

CVSS 10 · AI score 7.1 · EPSS 0.00818
Exploits 0 · References 5

CERT
added 2025/07/29 12:0 a.m. · 8 views

TP-Link Archer C50 router is vulnerable to configuration-file decryption

Overview: The TP-Link Archer C50 router, which has reached End-of-Life (EOL), contains a hardcoded encryption key in its firmware, enabling decryption of sensitive configuration files. This vulnerability allows attackers to trivially access administrative credentials, Wi-Fi passwords, and other...

CVSS 6.9 · AI score 6.5 · EPSS 0.00252
Exploits 0 · References 2

Ubuntu
added 2025/07/28 10:20 p.m. · 7 views

USN-7677-1: cloud-init vulnerabilities

Harry Sintonen discovered that the hotplugd socket in cloud-init was world writable. An attacker could possibly use this issue to send hotplug-hook commands. (CVE-2024-11584) It was discovered that cloud-init granted root access to a hardcoded URL with a local IP address when a non-x86 platform is...

CVSS 8.8 · AI score 5.4 · EPSS 0.00205
Exploits 0

Gitee
added 2025/07/27 3:39 a.m. · 108 views

Android-Reports-and-Resources

It is an offensive tool for Android. This repository contains a list of Android Hackerone disclosed reports and other resources, including hardcoded credentials, WebView vulnerabilities, insecure deeplinks, and RCE/ACE exploits. The primary report is CVE-2021-XXXX-XXXX, but only a few reports are...

AI score 8.2
Exploits 0

RedhatCVE
added 2025/07/27 12:19 a.m. · 11 views

CVE-2025-45466

Unitree Go1 <= Go1_2022_05_11 is vulnerable to Incorrect Access Control due to authentication credentials being hardcoded in plaintext...

CVSS 8.8 · AI score 7.5 · EPSS 0.00586
Exploits 2 · References 1

RedhatCVE
added 2025/07/26 9:23 p.m. · 10 views

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVSS 7.1 · AI score 7.2 · EPSS 0.00253
Exploits 0 · References 1

Positive Technologies
added 2025/07/25 12:0 a.m. · 6 views

PT-2025-30848 · Unitree · Unitree Go 1

Name of the Vulnerable Software and Affected Versions: Unitree Go1 versions through Go1 2022 05 11 Description: The Unitree Go1 is susceptible to an incorrect access control issue. This is due to authentication credentials being hardcoded in plaintext. Recommendations: Unitree Go1 versions throug...

CVSS 8.8 · AI score 6.6 · EPSS 0.00586
Exploits 2 · References 5

Cvelist
added 2025/07/25 12:0 a.m. · 10 views

CVE-2025-45466

Unitree Go1 <= Go1_2022_05_11 is vulnerable to Incorrect Access Control due to authentication credentials being hardcoded in plaintext...

EPSS 0.00586
Exploits 2 · References 2

CVE
added 2025/07/25 12:0 a.m. · 25 views

CVE-2025-45466

CVE-2025-45466 affects Unitree Go1 (and Go1_2022_05_11 and older) due to hardcoded plaintext credentials causing an Improper Access Control vulnerability. The issue enables network-based access with no user interaction, requiring low privileges and low attack complexity; the impact is high confid...

CVSS 8.8 · AI score 6.8 · EPSS 0.00586
Exploits 2 · References 2 · Affected Software 1

RedhatCVE
added 2025/07/24 10:30 p.m. · 21 views

CVE-2025-54137

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

CVSS 7.3 · AI score 7.1 · EPSS 0.00316
Exploits 0 · References 1

OSV
added 2025/07/24 9:15 p.m. · 1 views

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVSS 6.5 · AI score 5.8 · EPSS 0.00253
Exploits 0 · References 1

NVD
added 2025/07/24 9:15 p.m. · 3 views

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVSS 7.1 · EPSS 0.00253
Exploits 0 · References 1

Cvelist
added 2025/07/24 8:40 p.m. · 8 views

CVE-2025-31953 HCL iAutomate is affected by hardcoded credentials

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVSS 7.1 · EPSS 0.00253
Exploits 0 · References 1

Vulnrichment
added 2025/07/24 8:40 p.m. · 3 views

CVE-2025-31953 HCL iAutomate is affected by hardcoded credentials

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVSS 7.1 · AI score 6.6 · EPSS 0.00253
Exploits 0 · References 1