CWE-798
All CWE-798 CVEs (448)
Oct 4, 2023: This vulnerability allows unauthenticated remote attackers to log into Cisco Emergency Responder systems using static root credentials that cannot be ...
Sep 20, 2023: CVE-2023-5074 is a critical authentication bypass vulnerability in D-Link D-View 8 network management software. Attackers can forge valid JWT authenti...
Sep 16, 2023: This critical vulnerability in NETIS SYSTEMS WF2409Ev4 routers allows remote attackers to execute arbitrary code and access sensitive information thro...
Sep 14, 2023: i-doit pro and open versions 25 and below have hardcoded default administrator credentials with no forced password change. Unauthenticated attackers c...
Sep 5, 2023: CVE-2023-41508 is a hard-coded credential vulnerability in Super Store Finder v3.6 that allows attackers to bypass authentication and gain administrat...
Aug 28, 2023: This vulnerability allows remote attackers to access SpotCam FHD 2 devices using hard-coded uBoot credentials. Attackers can perform arbitrary system ...
Aug 28, 2023: This vulnerability allows remote attackers to access SpotCam FHD 2 devices via hidden Telnet using hard-coded credentials. Attackers can execute arbit...
Aug 4, 2023: Connected IO devices v2.1.0 and earlier contain hard-coded MQTT credentials in firmware, allowing attackers to connect to the MQTT broker and imperson...
Aug 3, 2023: This vulnerability allows attackers to forge valid JWT session tokens using a hardcoded cryptographic key, enabling authentication bypass in Control I...
Jul 30, 2023: Synel SYnergy Fingerprint Terminals contain hard-coded credentials that allow attackers to gain unauthorized access. This affects all organizations us...
Jul 10, 2023: SmartSoft SmartBPM.NET uses a hard-coded machine key that allows unauthenticated remote attackers to send serialized payloads to execute arbitrary cod...
Jul 6, 2023: PiiGAB M-Bus devices contain hard-coded credentials that allow authentication bypass. This affects all systems using vulnerable PiiGAB M-Bus products,...
Jun 1, 2023: CVE-2022-4333 involves hardcoded credentials in multiple SPRECON-E CPU variants from Sprecher Automation, allowing remote attackers to take over affec...
Jun 1, 2023: Draytek Vigor routers, access points, switches, and Myvigor firmware use hardcoded encryption keys, allowing attackers to bind affected devices to the...
May 22, 2023: MXsecurity version 1.0 contains hardcoded credentials that allow attackers to craft arbitrary JWT tokens and bypass authentication for web-based APIs....
May 10, 2023: This vulnerability allows attackers to access the RTSP video feed of Tenda CP3 IP cameras using a hard-coded default password. Anyone using the affect...
May 2, 2023: CVE-2023-26089 allows authentication bypass in European Chemicals Agency IUCLID 6.x software due to a weak hard-coded secret used for JWT signing. Att...
Apr 28, 2023: Sage 300's optional Web Screens and Global Search features use a hard-coded encryption key ('LandlordPassKey') to protect sensitive data in configurat...
Apr 28, 2023: Sage 300 uses a hard-coded encryption key to protect sensitive data like passwords and SQL connection strings. Attackers who gain access to the encryp...
Apr 26, 2023: Fighting Cock Information System 1.0 uses hardcoded default credentials that administrators cannot change during installation. This allows attackers t...
Apr 17, 2023: Electra Central AC units contain hardcoded credentials in unspecified code, allowing attackers to gain unauthorized access to the system. This affects...
Mar 28, 2023: Osprey Pump Controller version 1.01 contains a hidden administrative account with a hardcoded password that cannot be changed, allowing full access to...
Mar 23, 2023: CVE-2022-22512 involves hard-coded administrative credentials in the web interface of multiple VARTA Storage products, allowing unauthorized attackers...
Mar 14, 2023: CVE-2023-26511 is a critical authentication bypass vulnerability in Propius MachineSelector's web admin panel. Attackers can exploit hard-coded admin ...
Mar 8, 2023: CVE-2023-1269 involves hard-coded credentials in the easyappointments scheduling software, allowing attackers to gain unauthorized access to the appli...
Feb 6, 2023: This vulnerability allows unauthenticated attackers to gain root access to Western Digital My Cloud network-attached storage devices by exploiting a d...
Feb 2, 2023: This vulnerability allows unauthenticated attackers to access the telnet service on TOTOLINK N200RE_v5 routers via a crafted POST request, then gain r...
Sep 16, 2022: Delta Industrial Automation's DIAEnergy system contains hard-coded credentials that allow attackers to upload executable files to specific directories...
Jul 26, 2022: CVE-2022-30274 is a critical vulnerability in Motorola ACE1000 RTU devices where credentials and authentication data are encrypted using the Tiny Encr...
Jul 26, 2022: CVE-2022-29953 exposes Bently Nevada 3700 series condition monitoring equipment through hardcoded credentials on a maintenance interface. Attackers co...
Jul 25, 2022: An authentication bypass vulnerability in FileWave allows unauthenticated attackers to gain administrative access to the platform. This affects FileWa...
Jul 20, 2022: The Atlassian Questions For Confluence app creates a default user account with a hardcoded password, allowing remote unauthenticated attackers to log ...
Jul 20, 2022: This vulnerability involves a hardcoded encryption key in Wavlink routers that allows attackers to decrypt configuration files and potentially gain ad...
Jul 20, 2022: The MiCODUS MV720 GPS tracker API server uses a hard-coded master password in its authentication mechanism, allowing attackers to send SMS commands to...
Jul 20, 2022: Goldshell ASIC Miners v2.1.x contain hardcoded SSH credentials that allow attackers to remotely connect to the devices. This affects all Goldshell ASI...
Jul 17, 2022: CVE-2022-32985 is a critical vulnerability in Nexans FTTO GigaSwitch devices that implements a hardcoded backdoor account for SSH access on ports 5020...
Jul 13, 2022: CVE-2022-35857 is a critical remote code execution vulnerability in kvf-admin that allows attackers to execute arbitrary code on affected systems. The...
Jul 11, 2022: IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials that can be used for authentication, communication, or data encryption. This allows ...
Jun 29, 2022: This vulnerability allows attackers to gain administrative access to EDIMAX IC-3140W IP cameras using hardcoded credentials. Anyone using the affected...
Jun 19, 2022: TitanFTP NextGen versions before 1.2.1050 have a hardcoded password for the SQL Server 'sa' account, allowing attackers to gain administrative databas...
Jun 17, 2022: CVE-2022-30422 allows remote attackers to execute arbitrary code on Planet Time Enterprise servers by manipulating the Viewstate parameter. This affec...
Jun 17, 2022: CVE-2021-40903 is an authentication bypass vulnerability in Antminer Monitor 0.50.0 due to a static secret string in Flask server settings instead of ...
Jun 13, 2022: CVE-2022-29525 is a critical authentication bypass vulnerability in Rakuten Casa devices where hard-coded root credentials allow remote attackers to g...
Jun 2, 2022: USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 contains hard-coded administrative credentials that cannot be changed through normal device oper...
Jun 2, 2022: CVE-2022-28605 is a critical authentication bypass vulnerability in SoundBar apps using Linkplay SDK 1.00 where a hardcoded admin token allows remote ...
May 26, 2022: CVE-2021-33016 allows attackers to gain full read/write/delete access to sensitive folders on KUKA KR C4 industrial control systems due to hard-coded ...
May 18, 2022: This vulnerability involves a hard-coded password for the telnet service in TOTOLINK A3100R routers, allowing attackers to gain unauthorized administr...
May 11, 2022: This vulnerability in IBM Spectrum Virtualize allows attackers to gain unauthorized access by reusing support-generated credentials. It affects IBM Sp...
Apr 4, 2022: Bettini Srl GAMS Product Line v4.3.0 uses the same static SSH private key across all installations, allowing attackers to extract the key from the sof...
Apr 3, 2022: This vulnerability allows attackers to gain SSH access to Schneider Electric ConneXium Tofino Firewall and Belden Tofino Xenon Security Appliance devi...
About CWE-798
Our database tracks 448 CVEs classified as CWE-798, with 256 rated critical and 144 rated high severity. The average CVSS score for CWE-798 vulnerabilities is 8.8.
External reference: CWE-798 on MITRE CWE