7555 matches found
CVE-2022-36170
MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion...
CVE-2022-36611
TOTOLINK A800R V4.1.2cu.5137B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample...
CVE-2022-36610
TOTOLINK A720R V4.1.5cu.532B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample...
CVE-2022-36614
TOTOLINK A860R V4.1.2cu.5182B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample...
CVE-2022-36616
TOTOLINK A810R V4.1.2cu.5182B20201026 and V5.9c.4050B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample...
CVE-2022-36612
TOTOLINK A950RG V4.1.2cu.5204B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample...
CVE-2022-34045
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh...
CVE-2022-35540
Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...
CVE-2022-34005
An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...
CVE-2022-29960
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...
CVE-2022-29962
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials but may often be disabled in production. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...
CVE-2022-29953
The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality...
CVE-2022-29964
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...
CVE-2022-29963
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...
CVE-2022-28605
Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory...
CVE-2022-24693
Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...
CVE-2022-24255
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges...
CVE-2022-20868
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...
CVE-2022-36613
TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample...
CVE-2022-22928
MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code...