CVE-2022-25807

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...

CVE-2022-30271

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...

CVE-2022-30314

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...

CVE-2022-30274

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...

CVE-2022-29856

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages...

CVE-2022-36615

TOTOLINK A3000RU V4.1.2cu.5185B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample...

CVE-2022-46637

Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services...

CVE-2022-37857

bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default...

CVE-2022-37710

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...

CVE-2022-4780

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change...

CVE-2022-48113

A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...

CVE-2022-45766

Hardcoded credentials in Global Facilities Management Software GFMS Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes...

CVE-2022-44097

Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel...

CVE-2022-25806

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...

CVE-2022-25045

Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel...

CVE-2022-24657

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...

CVE-2025-46176

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis...

CVE-2025-46176

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis...

PT-2025-22819 · D Link · D-Link Dir-816L +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 D-Link DIR-816L version 2.06B01 Description: The issue concerns hardcoded credentials in the Telnet service, allowing attackers to remotely execute arbitrary commands via firmware analysis. Recommendations: For...

CVE-2025-46176

The CVE-2025-46176 entry concerns hardcoded credentials in the Telnet service of D-Link DIR-605L (v2.13B01) and DIR-816L (v2.06B01). The root cause is hardcoded credentials in Telnet, which allows attackers to remotely execute arbitrary commands via firmware analysis. Documented impact is remote ...