CWE-259

Total CVEs: 67
Critical: 31
High: 23
Avg CVSS: 8.4

Yearly Trend

2026: 4
2025: 26
2024: 26
2023: 2
2022: 3

Top Affected Vendors

1. Totolink (3)
2. Dell (2)
3. H3C (2)
4. Trendnet (2)
5. Cisco (2)
6. Lb Link (1)
7. Doverfuelingsolutions (1)
8. Commscope (1)
9. Vonets (1)
10. Netwrix (1)

All CWE-259 CVEs (67)

CVE-2025-13252 | CVSS 7.3 | Nov 16, 2025
This vulnerability involves hard-coded credentials in the RSA/OAuth2/Database component of shsuishang ShopSuite ModulithShop, allowing attackers to ga...

CVE-2025-2322 | CVSS 7.3 | Mar 15, 2025
This CVE describes a critical vulnerability in a Spring Boot ChatGPT integration component where hard-coded credentials were found in the source code....

CVE-2021-32521 | CVSS 7.3 | Jul 7, 2021
This vulnerability in QSAN Storage Manager, XEVO, and SANOS allows local attackers to escalate privileges by using the system's MAC address as an auth...

CVE-2024-27164 | CVSS 7.1 | Jun 14, 2024
Toshiba printers contain hardcoded credentials (CWE-259) that could allow attackers to gain unauthorized access to device management interfaces. This ...

CVE-2025-25984 | CVSS 6.8 | Apr 18, 2025
This vulnerability in Macro-video Technologies V380E6_C1 IP cameras allows a physically proximate attacker to execute arbitrary code via the UART inte...

CVE-2025-61330 | CVSS 6.5 | Oct 16, 2025
A hard-coded weak password vulnerability in H3C Magic-branded devices allows attackers to gain root access via Telnet. This affects all Magic-branded ...

CVE-2025-57788 | CVSS 6.5 | EPSS 85.3% | Aug 20, 2025
This vulnerability allows unauthenticated attackers to execute API calls without credentials in Commvault software, bypassing authentication mechanism...

CVE-2022-26388 | CVSS 6.4 | Feb 7, 2025
This CVE describes a hard-coded password vulnerability in multiple Hillrom ELI electrocardiograph devices. Attackers who discover the hard-coded crede...

CVE-2024-7159 | CVSS 5.5 | Jul 28, 2024
This CVE describes a critical vulnerability in TOTOLINK A3600R routers where the Telnet service uses a hard-coded password in the product.ini file. At...

CVE-2025-12676 | CVSS 5.3 | Nov 5, 2025
The KiotViet Sync WordPress plugin uses a hardcoded password for authentication, allowing unauthenticated attackers to bypass authorization and create...

CVE-2025-9310 | CVSS 5.3 | Aug 21, 2025
This vulnerability exposes hard-coded credentials in the Druid component of yeqifu carRental software, allowing attackers to gain unauthorized access ...

CVE-2025-47748 | CVSS 5.3 | May 28, 2025
Netwrix Directory Manager versions 11.0.0.0 and earlier, plus versions after 11.1.25134.03, contain a hardcoded password vulnerability (CWE-259). This...

CVE-2025-2342 | CVSS 5.3 | Mar 16, 2025
The IROAD X5 Mobile App up to version 5.2.5 on Android contains hard-coded credentials in its API endpoints, allowing remote attackers to potentially ...

CVE-2024-32210 | CVSS 5.3 | May 1, 2024
CVE-2024-32210 is a hard-coded credential vulnerability in LoMag WareHouse Management application versions 1.0.20.120 and older. This allows attackers...

CVE-2024-33867 | CVSS 4.8 | May 14, 2024
Linqi versions before 1.4.0.1 on Windows contain a hardcoded password salt, which weakens password security by making password hashes predictable. Thi...

CVE-2025-5379 | CVSS 4.3 | May 31, 2025
The NuCom NC-WR744G router version 8.5.5 Build 20200530.307 contains hard-coded credentials in its console application, allowing attackers to gain una...

CVE-2025-2556 | CVSS 4.3 | Mar 20, 2025
The Audi UTR Dashcam 2.0 contains hard-coded credentials in its Video Stream Handler component, allowing attackers on the local network to access vide...

About CWE-259

Our database tracks 67 CVEs classified as CWE-259, with 31 rated critical and 23 rated high severity. The average CVSS score for CWE-259 vulnerabilities is 8.4.

External reference: CWE-259 on MITRE CWE
