36 matches found
EVlink City < R8 V3.4.0.1 - Authentication Bypass
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker t...
CVE-2023-40717
A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...
CVE-2025-36572
Dell PowerStore, versions 4.0.0.0, contains a Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based o...
CVE-2024-50377
A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability is associated with the backup configuration functionality that by default encrypts the...
CVE-2024-39582
Dell PowerScale InsightIQ, version 5.0, contains a Use of Hard-coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure...
CVE-2024-39582
Dell PowerScale InsightIQ 5.0 is affected by CVE-2024-39582 due to use of hard-coded credentials in the product. A high-privileged attacker with local access could exploit this to cause information disclosure. Root cause is the hard-coded credentials embedded in the software. No exploitation deta...
LumisXP 16.1.x Hardcoded Credentials / IDOR
===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...
CVE-2024-0865
CVE-2024-0865 affects Schneider Electric EcoStruxure IT Gateway (installer). Root cause: hard-coded credentials in the installer enable local privilege escalation for users with low privileges; attacker must already execute code locally. Exploitation details are described in ZDI reports (local es...
CVE-2024-0865
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user...
CVE-2023-5456
CVE-2023-5456 is a CWE-798 vulnerability affecting AiLux imx6 bundle prior to version imx6_1.0.7-2. The issue arises from hard-coded credentials in the MariaDB database used by the web application, enabling a remote unauthenticated attacker to access the database service and all data with the web...
CVE-2023-32227
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials...
Hardcoded credentials
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials...
CVE-2023-32227
The CVE-2023-32227 entry concerns Synel SYnergy Fingerprint Terminals with CWE-798 (Use of Hard-coded Credentials). Connected sources confirm a vulnerability in the Synel SYnergy line where credentials are hard-coded, enabling high-impact exposure (CVE metrics show CVSS v3.1 base score 9.8, netwo...
CVE-2023-31184
CVE-2023-31184 – ROZCOM client is connected to reports describing hard-coded credentials in Rozcom intercoms. The THN article links this to broader vulnerabilities in QuickBlox and notes that Rozcom’s implementation could enable impersonation and full account takeover. Reported impact includes do...
Contec Health CMS8000 Patient Monitor (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Contec Health Equipment: CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor Vulnerabilities: Improper Access Control, Uncontrolled Resource Consumption, Use of Hard-Coded Credentials, Active Debug Code 2. RISK EVALUATION...
Honeywell Safety Manager
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Safety Manager 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow for configuration and firmware manipulation or remote code execution. 3. TECHNICAL...
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
KL-001-2021-002: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed Title: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed Advisory ID: KL-001-2021-002 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-002.txt 1. Vulnerabilit...
Advantech WISE-PaaS RMM
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WISE-PaaS/RMM Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information...
Barco wePresent WiPG-1600W Global Hardcoded Root SSH Password Vulnerability
Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image. Title: Barco wePresent Global Hardcoded Root SSH Password Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-008.txt 1...