7557 matches found

Positive Technologies
added 2025/02/10 12:0 a.m. · 3 views

PT-2025-6094 · Tenda · Tenda W18E

Name of the Vulnerable Software and Affected Versions: Tenda W18E version V16.01.0.81625
Description: The issue concerns hardcoded credentials in the Tenda W18E device, allowing unauthenticated remote attackers to gain root access to the device over the telnet service. This enables attackers to...

CVSS 8.3 · AI score 7.8 · EPSS 0.00432
Exploits: 1 · References: 8

CVE
added 2025/02/10 12:0 a.m. · 50 views

CVE-2024-46436

CVE-2024-46436 : Affects Tenda W18E device with firmware V16.01.0.8(1625). Public data states hardcoded credentials enable unauthenticated remote attackers to gain root access via the telnet service. This is consistent across multiple sources in the connected set. Root access via telnet constitut...

CVSS 8.3 · AI score 8.5 · EPSS 0.00432
Exploits: 1 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/02/08 6:51 a.m. · 5 views

CVE-2024-36556

Forever KidsWatch Call Me KW50 R36YDRA3PWGM7SV1.02019071516.19.24cobh, and Forever KidsWatch Call Me 2 KW60 R36CWYDES4A292V1.02023.05.2422.49.44cobb have a Hardcoded password vulnerability...

CVSS 9.1 · AI score 7.1 · EPSS 0.00327
Exploits: 0 · References: 1

CVE
added 2025/02/06 7:10 p.m. · 57 views

CVE-2024-47256

CVE-2024-47256 affects 2N Access Commander prior to version 3.3 (notably 1.14 and older). The issue allows an attacker with Admin privileges to read a hardcoded AES passphrase used to decrypt data in certain backup files, enabling potential exposure of backup contents. 2N released version 3.3 to ...

CVSS 6 · AI score 6.2 · EPSS 0.00148
Exploits: 0 · References: 1

Cvelist
added 2025/02/06 7:10 p.m. · 16 views

CVE-2024-47256

Successful exploitation of this vulnerability could allow an attacker who needs to have Admin access privileges to read hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older. 2N has released an updated version...

CVSS 6 · EPSS 0.00148
Exploits: 0 · References: 1

NVD
added 2025/02/06 6:15 p.m. · 11 views

CVE-2024-36556

Forever KidsWatch Call Me KW50 R36YDRA3PWGM7SV1.02019071516.19.24cobh, and Forever KidsWatch Call Me 2 KW60 R36CWYDES4A292V1.02023.05.2422.49.44cobb have a Hardcoded password vulnerability...

CVSS 9.1 · EPSS 0.00327
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/06 4:18 a.m. · 8 views

CVE-2021-22644

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...

CVSS 9.8 · AI score 6.9 · EPSS 0.00657
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/06 12:0 a.m. · 4 views

PT-2025-5859 · 2N · 2N Access Commander

Name of the Vulnerable Software and Affected Versions: 2N Access Commander versions 1.14 and older
Description: The issue allows an attacker with Admin access privileges to read a hardcoded AES passphrase, which can be used to decrypt certain data within backup files.
Recommendations: For 2N Acce...

CVSS 6 · AI score 7.1 · EPSS 0.00148
Exploits: 0 · References: 6

CVE
added 2025/02/06 12:0 a.m. · 43 views

CVE-2024-36556

The CVE-2024-36556 entry concerns Forever KidsWatch Call Me KW50 (v1.0) and Forever KidsWatch Call Me 2 KW60 (v1.0) with a hardcoded password vulnerability affecting the cob_b components. Multiple connected sources corroborate the vulnerability name and affected devices, describing a hardcoded pa...

CVSS 9.1 · AI score 7.4 · EPSS 0.00327
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/06 12:0 a.m. · 3 views

PT-2025-5847 · Forever · Forever Kidswatch Call Me 2 Kw60 +1

Name of the Vulnerable Software and Affected Versions: Forever KidsWatch Call Me KW50 version 1.0; Forever KidsWatch Call Me 2 KW60 version 1.0
Description: The issue is related to a hardcoded password, which poses a significant security risk. This allows unauthorized access to the devices...

CVSS 9.1 · AI score 7.4 · EPSS 0.00327
Exploits: 0 · References: 4

Cvelist
added 2025/02/06 12:0 a.m. · 10 views

CVE-2024-36556

Forever KidsWatch Call Me KW50 R36YDRA3PWGM7SV1.02019071516.19.24cobh, and Forever KidsWatch Call Me 2 KW60 R36CWYDES4A292V1.02023.05.2422.49.44cobb have a Hardcoded password vulnerability...

EPSS 0.00327
Exploits: 0 · References: 1

Vulnrichment
added 2025/02/06 12:0 a.m. · 6 views

CVE-2024-36556

Forever KidsWatch Call Me KW50 R36YDRA3PWGM7SV1.02019071516.19.24cobh, and Forever KidsWatch Call Me 2 KW60 R36CWYDES4A292V1.02023.05.2422.49.44cobb have a Hardcoded password vulnerability...

AI score 9.4 · EPSS 0.00327
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 10:49 p.m. · 15 views

CVE-2022-1162

A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts...

CVSS 9.8 · AI score 6.6 · EPSS 0.76177
Exploits: 3 · References: 1

RedhatCVE
added 2025/02/05 8:21 p.m. · 6 views

CVE-2022-4333

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows a remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...

CVSS 9.8 · AI score 6.8 · EPSS 0.00851
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 2:45 p.m. · 9 views

CVE-2020-6265

SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce Data Hub, versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials...

CVSS 9.8 · AI score 7.1 · EPSS 0.0136
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 10:17 a.m. · 18 views

CVE-2024-3408

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded SECRET_KEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

CVSS 9.8 · AI score 8.4 · EPSS 0.77951
Exploits: 5 · References: 1

RedhatCVE
added 2025/02/05 7:33 a.m. · 9 views

CVE-2024-23619

A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution...

CVSS 10 · AI score 7.4 · EPSS 0.01712
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 5:13 a.m. · 8 views

CVE-2024-10284

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to a hardcoded encryption key in the 'ce21authenticationphrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site,...

CVSS 9.8 · AI score 7.1 · EPSS 0.004
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 4:53 a.m. · 8 views

CVE-2024-36248

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under References...

CVSS 9.1 · AI score 6.7 · EPSS 0.01088
Exploits: 1

RedhatCVE
added 2025/02/05 2:34 a.m. · 6 views

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute...

CVSS 8.8 · AI score 8.8 · EPSS 0.01049
Exploits: 1 · References: 1