PT-2024-13716 · Hongdian · H8951-4G-Esp +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The authentication cookies are generated using an algorithm based on the username, a hardcoded secret, and the up-time, and can be guessed in a reasonab...
PT-2024-13713 · Hongdian · H8951-4G-Esp +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows for the download of configuration backups without proper authorization. These backups contain passwords that can be decrypted using a...
PT-2024-13710 · Device · Device
Name of the Vulnerable Software and Affected Versions: Device affected versions not specified Description: The root user password is hardcoded into the device and cannot be changed in the user interface. Additionally, there is an issue where a user's browser may be forced to execute JavaScript an...
PT-2024-13391 · Npm · @Evershop/Evershop
Name of the Vulnerable Software and Affected Versions: @evershop/evershop versions prior to 1.0.0-rc.8 Description: An issue was discovered in NPM's package @evershop/evershop where the HMAC secret used for generating tokens is hardcoded as "secret". This poses a risk because attackers can use th...
D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the ONVIF API. The issue results from the u...
PT-2024-1094 · D Link · D-Link Dcs-8300Lhv2
Name of the Vulnerable Software and Affected Versions: D-Link DCS-8300LHV2 Description: The issue is related to the configuration of the ONVIF API in the D-Link DCS-8300LHV2 Wi-Fi camera, which is associated with weaknesses in the authentication procedure. This allows a remote attacker to bypass...
Vulnerability in the MySQL component of the Voltronic Power View power-source management software. It allows an attacker to elevate their privileges to administrator level.
The vulnerability in the MySQL component of the Voltronic Power ViewPower Pro power-source management software stems from the use of hard-coded credentials. Exploiting this vulnerability could allow an attacker to elevate their privileges to the level of an administrator...
Bosch Nexo cordless nutrunner security vulnerability
Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows remote attackers to authenticate to the SSH service with root privileges via a hidden...
CVE-2023-27098
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel...
Hardcoded credentials
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel...
CVE-2023-27098
Summary: CVE-2023-27098 affects the TP-Link Tapo APK up to v2.12.703, where the login panel is protected by hardcoded credentials. This Java/mobile app issue enables unauthorized access to protected login functionality, potentially exposing user data. What’s affected: TP-Link Tapo APK (Android) v...
Hardcoded credentials
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671...
Siemens SCALANCE Family Products Use of Hard-Coded Cryptographic Key (CVE-2023-44318)
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU, RUGGEDCOM RM1224 LTE4G NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router Annex A, SCALANCE M812-1 ADSL-Router Annex B, SCALANCE M816-1 ADSL-Router Annex A, SCALANCE M816-1 ADSL-Router Annex B, SCALANCE M826-2 SHDSL-Router, SCALANC...
PT-2024-1678 · Tp Link · Tp-Link Tapo Apk
Name of the Vulnerable Software and Affected Versions: TP-Link Tapo APK up to v2.12.703 Description: The issue is related to the use of hardcoded credentials for access to the login panel in the TP-Link Tapo APK. This allows a remote attacker to gain unauthorized access to protected information...
SolarWinds Access Rights Manager Hardcoded Credentials Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a RabbitMQ instance. The issue results from the use...
CVE-2023-37608
An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...
PT-2024-12647 · Automatic Systems · Automatic Systems Soc Fl9600
Name of the Vulnerable Software and Affected Versions: Automatic Systems SOC FL9600 FirstLane version V06 lego T04E00 Automatic Systems SOC FL9600 FastLine version v.legoT04E00 Description: An issue in Automatic Systems SOC FL9600 allows a remote attacker to obtain sensitive information because...