CWE-798: Use of Hard-coded Credentials

Total CVEs: 444
Critical: 253
High: 143
Avg CVSS: 8.8
In CISA KEV: 1

Yearly Trend

2026: 24
2025: 100
2024: 97
2023: 66
2022: 69

Top Affected Vendors

1. IBM: 18
2. Fiberhome: 15
3. D-Link: 13
4. TOTOLINK: 7
5. Schneider Electric: 6
6. Siemens: 6
7. SolarWinds: 5
8. Fortinet: 4
9. Tenda: 4
10. Dell: 4

All CWE-798 CVEs (444)

CVE-2025-26410 | CVSS 9.8 | Feb 11, 2025
All Wattsense Bridge devices contain hard-coded credentials in their firmware, allowing attackers to gain root access via the serial interface. This a...

CVE-2024-51547 | CVSS 9.8 | Feb 6, 2025
This CVE describes a use of hard-coded credentials vulnerability in multiple ABB industrial control system products. Attackers can use these embedded ...

CVE-2024-53356 | CVSS 9.8 | Jan 31, 2025
This vulnerability allows remote attackers to generate valid JWT tokens using a hardcoded weak secret, enabling privilege escalation in affected EasyV...

CVE-2024-48126 | CVSS 9.8 | Jan 15, 2025
The HI-SCAN 6040i Hitrax HX-03-19-I security scanner contains hardcoded credentials that provide vendor support and service access. This allows attack...

CVE-2024-55557 | CVSS 9.8 | Dec 16, 2024
CVE-2024-55557 is a critical vulnerability in Weasis 4.5.1 where proxy credentials are encrypted using a hardcoded symmetric key. This allows attacker...

CVE-2024-54750 | CVSS 9.8 | Dec 6, 2024
Ubiquiti U6-LR access points running firmware version 6.6.65 contain a hardcoded root password in the /etc/shadow file, allowing attackers to gain ful...

CVE-2023-51638 | CVSS 9.8 | Nov 22, 2024
This vulnerability allows remote attackers to bypass authentication on Allegra installations by exploiting hard-coded database credentials. Attackers ...

CVE-2024-52295 | CVSS 9.8 | Nov 13, 2024
CVE-2024-52295 is a critical authentication bypass vulnerability in DataEase where attackers can forge JWT tokens due to hardcoded secrets and identif...

CVE-2024-51431 | CVSS 9.8 | Nov 1, 2024
LB-LINK BL-WR 1300H router firmware version 1.0.4 contains hardcoded credentials stored in the /etc/shadow file that are easily guessable. This allows...

CVE-2024-45656 | CVSS 9.8 | Oct 29, 2024
IBM Flexible Service Processor (FSP) firmware contains hardcoded credentials that could allow network users to gain service privileges. This affects m...

CVE-2024-9486 | CVSS 9.8 | Oct 15, 2024
This vulnerability allows attackers to gain root access to Kubernetes nodes using default credentials that remain enabled in VM images built with Kube...

CVE-2024-6656 | CVSS 9.8 | Sep 13, 2024
CVE-2024-6656 is a critical vulnerability in TNB Mobile Solutions Cockpit Software where hard-coded credentials allow attackers to extract sensitive s...

CVE-2024-8162 | CVSS 9.8 | Aug 26, 2024
This critical vulnerability in TOTOLINK T10 AC1200 routers involves hard-coded credentials in the Telnet service configuration file, allowing remote a...

CVE-2024-42637 | CVSS 9.8 | Aug 16, 2024
H3C R3010 routers running version v100R002L02 contain a hardcoded root password in /etc/shadow, allowing attackers to gain complete administrative con...

CVE-2024-41616 | CVSS 9.8 | Aug 6, 2024
D-Link DIR-300 REVA routers running firmware v1.06B05_WW contain hardcoded credentials in their Telnet service, allowing attackers to gain administrat...

CVE-2024-41610 | CVSS 9.8 | Jul 30, 2024
This vulnerability allows attackers to remotely access D-Link DIR-820LW routers via Telnet using hardcoded credentials. Attackers can execute arbitrar...

CVE-2024-6912 | CVSS 9.8 | Jul 22, 2024
This vulnerability involves hard-coded MSSQL credentials in PerkinElmer ProcessPlus software on Windows, allowing attackers to remotely authenticate t...

CVE-2024-28747 | CVSS 9.8 | Jul 9, 2024
CVE-2024-28747 allows unauthenticated remote attackers to access SmartSPS devices using hard-coded credentials with high privileges. This affects all ...

CVE-2024-39208 | CVSS 9.8 | Jun 27, 2024
CVE-2024-39208 is a critical vulnerability in luci-app-lucky v2.8.3 that contains hardcoded credentials, allowing attackers to bypass authentication a...

CVE-2024-39374 | CVSS 9.8 | Jun 27, 2024
TELSAT marKoni FM Transmitters contain a hidden admin account with hard-coded credentials, allowing attackers to gain administrative access. This affe...

CVE-2024-36480 | CVSS 9.8 | Jun 19, 2024
CVE-2024-36480 is a critical vulnerability in Ricoh Streamline NX PC Client versions 3.7.2 and earlier that uses hard-coded credentials. If exploited,...

CVE-2024-38466 | CVSS 9.8 | Jun 16, 2024
Shenzhen Guoxin Synthesis image systems before version 8.3.0 have a hardcoded default password '123456Qw' that cannot be changed by users. This allows...

CVE-2024-38281 | CVSS 9.8 | Jun 13, 2024
This vulnerability allows attackers to access the maintenance console of affected devices using hard-coded credentials for a hidden wireless network. ...

CVE-2024-3408 | CVSS 9.8 | Jun 6, 2024
CVE-2024-3408 is a critical vulnerability in dtale versions 3.10.0 that allows attackers to bypass authentication and execute arbitrary code on the se...

CVE-2024-36782 | CVSS 9.8 | Jun 3, 2024
This vulnerability allows attackers to gain root access to TOTOLINK CP300 routers by using a hardcoded password found in a sample configuration file. ...

CVE-2024-5514 | CVSS 9.8 | May 30, 2024
MinMax CMS contains a hidden administrator account with a fixed, unchangeable password that cannot be removed or disabled. Remote attackers who discov...

CVE-2024-35396 | CVSS 9.8 | May 24, 2024
This vulnerability involves a hardcoded root password in the TOTOLINK CP900L router's configuration file, allowing attackers to gain administrative ac...

CVE-2024-32740 | CVSS 9.8 | May 14, 2024
This vulnerability involves undocumented users with hardcoded credentials in SIMATIC CN 4100 devices. Attackers can use these credentials to gain unau...

CVE-2024-31810 | CVSS 9.8 | May 14, 2024
This vulnerability involves a hardcoded root password in TOTOLINK EX200 routers, allowing attackers to gain administrative access. Anyone using affect...

CVE-2023-44411 | CVSS 9.8 | May 3, 2024
This vulnerability allows remote attackers to bypass authentication on D-Link D-View systems by exploiting hard-coded database credentials in the Inst...

CVE-2024-3272 | CVSS 9.8 | Apr 4, 2024
This vulnerability in D-Link network storage devices allows remote attackers to access hard-coded credentials via HTTP GET requests to the nas_sharing...

CVE-2024-2161 | CVSS 9.8 | Mar 21, 2024
This vulnerability involves hard-coded credentials in Kiloview NDI devices, allowing unauthenticated attackers to bypass authentication and gain unaut...

CVE-2024-0390 | CVSS 9.8 | Feb 15, 2024
The INPRAX 'iZZi connect' Android application contains hard-coded MQTT queue credentials that are shared with physical recuperation devices. This allo...

CVE-2024-23816 | CVSS 9.8 | Feb 13, 2024
This vulnerability allows unauthenticated remote attackers to gain full administrative access to Siemens Location Intelligence products by exploiting ...

CVE-2023-38995 | CVSS 9.8 | Feb 7, 2024
This vulnerability in SCHUHFRIED v.8.22.00 allows remote attackers to retrieve the database password without authentication via a crafted curl command...

CVE-2024-22853 | CVSS 9.8 | Feb 6, 2024
This vulnerability allows remote attackers to gain root access to D-LINK Go-RT-AC750 routers via telnet using a hardcoded password for the Alphanetwor...

CVE-2024-21764 | CVSS 9.8 | Feb 2, 2024
Rapid SCADA versions before 5.8.4 contain hard-coded credentials that allow attackers to connect to a specific port. This affects all users running vu...

CVE-2024-1039 | CVSS 9.8 | Feb 1, 2024
Gessler GmbH WEB-MASTER devices contain a restoration account with hard-coded credentials that cannot be changed. If exploited, attackers can gain adm...

CVE-2024-24324 | CVSS 9.8 | Jan 30, 2024
The TOTOLINK A8000RU router version 7.1cu.643_B20200521 contains a hardcoded root password in the /etc/shadow file, allowing attackers to gain adminis...

CVE-2024-23619 | CVSS 9.8 | Jan 26, 2024
IBM Merge Healthcare eFilm Workstation contains hardcoded credentials that allow remote unauthenticated attackers to access the system. This vulnerabi...

CVE-2023-48388 | CVSS 9.8 | Dec 15, 2023
Multisuns EasyLog web+ uses hard-coded credentials that allow remote attackers to gain unauthorized access. This vulnerability enables attackers to pe...

CVE-2023-40300 | CVSS 9.8 | Dec 7, 2023
NETSCOUT nGeniusPULSE 3.8 contains a hardcoded cryptographic key, allowing attackers to decrypt sensitive data or bypass authentication. This affects ...

CVE-2023-23324 | CVSS 9.8 | Nov 29, 2023
CVE-2023-23324 involves hardcoded administrator credentials in Zumtobel Netlink CCD Onboard firmware versions 3.74-3.80. This allows attackers to gain...

CVE-2023-47213 | CVSS 9.8 | Nov 16, 2023
First Corporation DVRs contain a hard-coded password vulnerability that allows remote unauthenticated attackers to access and modify device configurat...

CVE-2023-47800 | CVSS 9.8 | Nov 10, 2023
This vulnerability allows remote attackers to execute arbitrary code on Natus NeuroWorks and SleepWorks systems due to a default hardcoded password 'x...

CVE-2023-5777 | CVSS 9.8 | Nov 6, 2023
This vulnerability in Weintek EasyBuilder Pro exposes private keys during crash report transmission, allowing attackers to potentially gain remote con...

CVE-2023-31579 | CVSS 9.8 | Nov 2, 2023
CVE-2023-31579 is a critical authentication bypass vulnerability in Dromara Lamp-Cloud where hardcoded JWT signing keys allow attackers to forge valid...

CVE-2018-17558 | CVSS 9.8 | Oct 26, 2023
This CVE describes two critical vulnerabilities in ABUS security cameras: hardcoded manufacturer credentials and an OS command injection flaw in the /...

CVE-2023-31581 | CVSS 9.8 | Oct 25, 2023
CVE-2023-31581 is a critical authentication bypass vulnerability in Dromara Sureness security framework versions before 1.0.8. The vulnerability allow...

CVE-2023-36380 | CVSS 9.8 | Oct 10, 2023
This vulnerability allows attackers with knowledge of a hard-coded SSH private key to gain unauthorized access to Siemens CP-8031 and CP-8050 MASTER M...

About CWE-798 (Use of Hard-coded Credentials)

Our database tracks 444 CVEs classified as CWE-798, with 253 rated critical and 143 rated high severity. The average CVSS score for CWE-798 vulnerabilities is 8.8.

External reference: CWE-798 on MITRE CWE
