CWE-259: CWE-259

Total CVEs: 67
Critical: 31
High: 23
Avg CVSS: 8.4

Yearly Trend

2026: 4
2025: 26
2024: 26
2023: 2
2022: 3

Top Affected Vendors

1. Totolink (3)
2. Dell (2)
3. H3c (2)
4. Trendnet (2)
5. Cisco (2)
6. Lb Link (1)
7. Doverfuelingsolutions (1)
8. Commscope (1)
9. Vonets (1)
10. Netwrix (1)

All CWE-259 CVEs (67)

CVE-2025-20286
9.9

A critical vulnerability in Cisco ISE cloud deployments allows unauthenticated attackers to access shared credentials across multiple cloud environmen...

Jun 4, 2025
CVE-2026-25753
9.8

PlaciPy placement management system version 1.0.0 uses a hard-coded default password for all newly created student accounts, enabling attackers to log...

Feb 6, 2026
CVE-2025-11126
9.8

This vulnerability involves hard-coded credentials in the Apeman ID71 system configuration file, allowing remote attackers to gain unauthorized access...

Sep 29, 2025
CVE-2025-8730
EPSS 23.3% 9.8

This critical vulnerability in Belkin routers allows attackers to use hard-coded credentials to gain unauthorized access to the web interface. Affecte...

Aug 8, 2025
CVE-2025-30115
9.8

The Forvia Hella HELLA Driving Recorder DR 820 uses hardcoded default WiFi credentials (SSID and password 'qwertyuiop') that cannot be changed by user...

Mar 18, 2025
CVE-2025-27638
9.8

CVE-2025-27638 is a hardcoded password vulnerability in Vasion Print (formerly PrinterLogic) that allows attackers to gain unauthorized access to syst...

Mar 5, 2025
CVE-2025-1100
9.8

CVE-2025-1100 is a critical vulnerability in Q-Free MaxTime traffic management software where a hard-coded root password allows unauthenticated remote...

Feb 12, 2025
CVE-2024-25825
9.8

This vulnerability allows attackers to gain root access without authentication on affected FydeOS systems due to a wildcard root password configuratio...

Oct 9, 2024
CVE-2024-43423
9.8

The ProGauge MAGLINK LX4 CONSOLE web application contains a hardcoded administrative account with an unchangeable password, allowing attackers to gain...

Sep 25, 2024
CVE-2023-37231
9.8

Loftware Spectrum versions before 4.6 HF14 contain a hard-coded password vulnerability that allows attackers to gain unauthorized access to the system...

Sep 10, 2024
CVE-2024-42639
9.8

H3C GR1100-P routers running version v100R009 contain a hardcoded root password in the /etc/shadow file, allowing attackers to gain full administrativ...

Aug 16, 2024
CVE-2024-7332
9.8

This critical vulnerability in TOTOLINK CP450 routers allows remote attackers to access the Telnet service using a hard-coded password. Attackers can ...

Aug 1, 2024
CVE-2024-36526
9.8

ZKTeco ZKBio CVSecurity v6.1.1 contains a hardcoded cryptographic key (CWE-259), allowing attackers to decrypt sensitive data or bypass authentication...

Jul 9, 2024
CVE-2023-46685
9.8

A hard-coded password vulnerability in the telnetd functionality of LevelOne WBR-6013 routers allows attackers to execute arbitrary commands with root...

Jul 8, 2024
CVE-2024-4708
9.8

CVE-2024-4708 is a critical vulnerability in mySCADA myPRO software where attackers can use a hard-coded password to gain unauthorized access and exec...

Jul 2, 2024
CVE-2024-38902
9.8

H3C Magic R230 routers running V100R002 contain a hardcoded root password in /etc/shadow, allowing attackers to gain full administrative control. This...

Jun 24, 2024
CVE-2024-3699
9.8

CVE-2024-3699 is a critical vulnerability in drEryk Gabinet medical software where a hard-coded database password allows attackers to access sensitive...

Jun 10, 2024
CVE-2024-1228
9.8

CVE-2024-1228 is a critical vulnerability in Eurosoft Przychodnia medical software where a hard-coded database password allows attackers to access sen...

Jun 10, 2024
CVE-2024-2420
9.8

CVE-2024-2420 is a critical authentication bypass vulnerability in LenelS2 NetBox access control systems due to hardcoded credentials. Attackers can g...

May 30, 2024
CVE-2024-33625
9.8

CyberPower PowerPanel Business application contains a hard-coded JWT signing key, allowing attackers to forge authentication tokens and bypass securit...

May 15, 2024
CVE-2024-27488
9.8

This vulnerability allows remote attackers to bypass authentication and gain unauthorized access to ZLMediaKit's HTTP API interface due to a hardcoded...

Apr 8, 2024
CVE-2017-20039
9.8

CVE-2017-20039 is a critical authentication weakness in SICUNET Access Controller that allows remote attackers to bypass authentication mechanisms. Th...

Jun 11, 2022
CVE-2021-34601
9.8

Bender/ebee Charge Controllers have hardcoded SSH credentials that allow administrative access to the web-UI. This affects CC612 controllers version 5...

Apr 27, 2022
CVE-2021-22729
9.8

This vulnerability allows attackers to gain administrative access to Schneider Electric EVlink charging stations by exploiting hard-coded passwords in...

Jul 21, 2021
CVE-2019-10881
9.8

Xerox AltaLink multifunction printers have two hard-coded accounts with weak passwords that cannot be disabled. Attackers can use these credentials to...

Apr 13, 2021
CVE-2021-27440
9.8

The Reason DR60 industrial device contains a hard-coded password that cannot be changed, allowing attackers to gain unauthorized access. This affects ...

Mar 25, 2021
CVE-2021-28813
9.6

This vulnerability allows remote attackers to read sensitive information stored insecurely on affected QNAP switches. Attackers can exploit this by ac...

Sep 10, 2021
CVE-2024-34539
9.4

Hardcoded credentials in TerraMaster TOS firmware allow remote attackers to authenticate to mail/webmail servers and administration panels. This vulne...

Jun 14, 2024
CVE-2023-23770
9.4

Motorola MBTS Site Controller contains a hard-coded backdoor password in its Man Machine Interface (MMI) that cannot be changed or disabled. This allo...

Aug 29, 2023
CVE-2024-20412
9.3

This vulnerability allows unauthenticated local attackers to access Cisco Firepower Threat Defense devices using static hard-coded credentials. Attack...

Oct 23, 2024
CVE-2021-36312
9.1

Dell EMC CloudLink versions 7.1 and earlier contain hard-coded credentials that allow remote attackers with knowledge of these credentials to gain una...

Nov 23, 2021
CVE-2026-2616
8.8

This vulnerability involves hard-coded credentials in the web management interface of Beetel 777VR1 routers. Attackers on the local network can exploi...

Feb 17, 2026
CVE-2025-44955
8.8

CVE-2025-44955 is a privilege escalation vulnerability in RUCKUS Network Director (RND) where jailed users can gain root access using a weak, hardcode...

Aug 4, 2025
CVE-2025-30106
8.8

IROAD v9 dashcams have hardcoded default credentials ('qwertyuiop') that cannot be changed, allowing attackers within Wi-Fi range to connect to the de...

Mar 18, 2025
CVE-2024-37644
8.8

TRENDnet TEW-814DAP wireless access points contain a hardcoded root password in the /etc/shadow.sample file, allowing attackers to gain complete admin...

Jun 14, 2024
CVE-2024-35395
8.8

This vulnerability involves a hardcoded root password in the TOTOLINK CP900L router's sample shadow file. Attackers can use this password to gain admi...

May 24, 2024
CVE-2023-49963
8.8

DYMO LabelWriter Print Server versions through 2.366 contain a hard-coded backdoor password that allows authentication bypass. Attackers can exploit t...

Apr 19, 2024
CVE-2024-28066
8.8

CVE-2024-28066 is a hardcoded credential vulnerability in Unify CP IP Phone firmware that allows attackers to gain root access using a known default p...

Apr 8, 2024
CVE-2022-27172
8.8

CVE-2022-27172 is a hard-coded password vulnerability in InHand Networks InRouter302's console infactory functionality that allows attackers to execut...

May 12, 2022
CVE-2025-2402
8.6

KNIME Business Hub uses a hard-coded, non-random password for its MinIO object store, allowing unauthenticated remote attackers with the password to r...

Mar 31, 2025
CVE-2024-48831
8.4

Dell SmartFabric OS10 Software versions 10.5.6.x contain a hard-coded password vulnerability. An unauthenticated attacker with local access could expl...

Mar 17, 2025
CVE-2025-46067
8.2

A vulnerability in Automai Director v.25.2.0 allows remote attackers to escalate privileges and access sensitive information by uploading a malicious ...

Jan 12, 2026
CVE-2026-1610
8.1

The Tenda AX12 Pro V2 router contains hard-coded credentials in its Telnet service, allowing remote attackers to gain unauthorized access. This affect...

Jan 29, 2026
CVE-2025-25428
8.0

This vulnerability allows attackers to gain root access to TRENDnet TEW-929DRU routers using a hardcoded password. Anyone using the affected router ve...

Feb 28, 2025
CVE-2024-46328
8.0

VONETS VAP11G-300 devices contain hardcoded credentials for privileged accounts including root, allowing attackers to gain administrative access. This...

Sep 26, 2024
CVE-2025-15371
7.8

This vulnerability in Tenda networking devices allows local attackers to access hard-coded credentials through manipulation of the Shadow File compone...

Dec 31, 2025
CVE-2025-7564
7.8

This CVE discloses hard-coded credentials (root:blinkadmin) in the /etc/shadow file of LB-LINK BL-AC3600 routers. Attackers with local access can gain...

Jul 14, 2025
CVE-2024-5275
7.8

A hard-coded password in FileCatalyst TransferAgent allows attackers to unlock the keystore and extract private keys for certificates. This enables ma...

Jun 18, 2024
CVE-2025-2343
7.5

This critical vulnerability in IROAD Dash Cam X5 and X6 devices involves hard-coded credentials in the device pairing component, allowing attackers wi...

Mar 16, 2025
CVE-2023-41713
7.5

CVE-2023-41713 is a hard-coded password vulnerability in SonicWall SonicOS affecting the 'dynHandleBuyToolbar' demo function. This allows attackers to...

Oct 17, 2023

About CWE-259 (CWE-259)

Our database tracks 67 CVEs classified as CWE-259, with 31 rated critical and 23 rated high severity. The average CVSS score for CWE-259 vulnerabilities is 8.4.

External reference: View CWE-259 on MITRE CWE →
