CWE-798: CWE-798

CVE-2022-24693 allows remote attackers to gain SSH access to Baicells Nova436Q and Neutrino 430 cellular base station devices using hardcoded credenti...

CVE-2022-25521 is an access control vulnerability in NUUO network video recorder software that allows attackers to gain unauthorized remote access usi...

This vulnerability allows remote authenticated attackers to take full control of affected systems through hard-coded UltraVNC credentials in Axeda pro...

This vulnerability affects Yokogawa Electric industrial control systems where default Windows account passwords remain unchanged from initial configur...

This vulnerability involves hard-coded credentials in Yokogawa Electric's CENTUM VP and Exaopc products, allowing attackers to gain unauthorized acces...

Home Owners Collection Management System v1.0 contains hardcoded credentials that allow attackers to bypass authentication and access the admin panel....

CVE-2022-25329 is a critical authentication bypass vulnerability in Trend Micro ServerProtect where the Information Server uses static credentials for...

Dairy Farm Shop Management System v1.0 contains hardcoded credentials in its source code, allowing attackers to bypass authentication and gain adminis...

CVE-2022-22813 is a critical vulnerability in Schneider Electric products where hard-coded TLS cryptographic keys allow attackers to decrypt and manip...

Online Course Registration v1.0 contains hardcoded credentials in its source code, allowing attackers to bypass authentication and gain administrative...

CVE-2022-22928 is a critical vulnerability in MCMS v5.2.4 where a hardcoded Shiro key allows attackers to bypass authentication and execute arbitrary ...

CVE-2022-22845 is a critical authentication bypass vulnerability in QXIP SIPCAPTURE homer-app where all installations share the same hardcoded JWT sec...

Trendnet AC2600 TEW-827DRU routers use hardcoded credentials ('12345678') to encrypt configuration backups. This allows attackers to decrypt and poten...

Kaseya Unitrends Backup Appliance versions before 10.5.5 use a weak default SNMP community string, allowing attackers to read and potentially modify S...

CVE-2021-43136 is an authentication bypass vulnerability in FormaLMS learning management systems that allows attackers to gain unauthorized access to ...

REINER timeCard 6.05.07 installs Microsoft SQL Server with a hardcoded sa password in TCServer.jar, allowing attackers to gain full database control. ...

ECOA BAS controllers contain hard-coded credentials in their Linux distribution image, allowing remote attackers to gain administrator privileges with...

IBM Security Guardium 11.3 contains hard-coded credentials that could allow attackers to authenticate to the system, communicate with external compone...

CVE-2021-21913 is a critical vulnerability in D-LINK DIR-3040 routers that allows unauthenticated attackers to execute arbitrary commands via the MQTT...

This vulnerability involves a hardcoded JWT secret key in AdaptiveScale LXDUI that allows attackers to forge authentication tokens and gain administra...

PEPPERL+FUCHS WirelessHART-Gateway devices versions 3.0.7 to 3.0.9 have SSH and telnet services enabled with hard-coded credentials. This allows attac...

This vulnerability involves hard-coded credentials with weak passwords in D-Link DVG-3104MS devices, allowing attackers to gain unauthorized access. I...

CVE-2021-39615 is a critical vulnerability in D-Link DSR-500N routers where hard-coded credentials for undocumented accounts exist in the /etc/passwd ...

This vulnerability involves hardcoded SSH keys in QNAP F_VioCard 2312 and F_VioGate 2308 devices, allowing unauthorized remote access. Only legacy mod...

The ecobee3 lite thermostat version 4.5.81.200 contains hardcoded default root credentials that allow attackers to gain privileged access through the ...

CVE-2021-37555 allows attackers to gain root shell access on TX9 Automatic Food Dispenser devices via telnet using default credentials. This enables c...

This vulnerability involves hard-coded administrative credentials in Schneider Electric EVlink charging stations, allowing attackers to issue unauthor...

Dell EMC Networking S4100 and S5200 Series Switches manufactured before February 2020 contain hardcoded administrative credentials. Remote attackers c...

Dr. ID Door Access Control and Personnel Attendance Management systems have hardcoded default admin credentials, allowing remote attackers to gain ful...

This vulnerability allows remote attackers to execute arbitrary code on D-LINK DIR-3040 routers due to a hard-coded password in the Libcli Test Enviro...

CVE-2021-33218 is a critical vulnerability in CommScope Ruckus IoT Controller where hard-coded system passwords allow attackers to gain shell access. ...

This vulnerability involves hard-coded default credentials in QSAN SANOS storage operating system, allowing unauthenticated remote attackers to gain a...

IBM Security Guardium 11.2 contains hard-coded credentials that could allow attackers to authenticate to the system, communicate with external compone...

Inim Electronics Smartliving SmartLAN/G/SI devices up to version 6.x use hardcoded default credentials, allowing attackers to gain Telnet, SSH, and FT...

MobileIron MDM agents for Android and iOS contain a hardcoded encryption key used to encrypt authentication credentials. This allows attackers to decr...

This vulnerability affects BB-ESWGP506-2SFP-T industrial switches with hard-coded credentials, allowing attackers to gain unauthorized access and exec...

This vulnerability allows attackers to bypass authentication in Shinobi video surveillance software by exploiting JavaScript prototype pollution. Atta...

FiberHome HG6245D devices contain hardcoded administrative credentials (useradmin/888888) in their web daemon, allowing unauthorized access to the dev...

CVE-2021-27161 is a critical authentication bypass vulnerability affecting FiberHome HG6245D optical network terminals. The web management interface c...

CVE-2021-27163 is a critical authentication bypass vulnerability affecting FiberHome HG6245D optical network terminals. The devices contain hardcoded ...

CVE-2021-27165 is a critical authentication bypass vulnerability affecting FiberHome HG6245D optical network terminals. Attackers can exploit hardcode...

CVE-2021-27167 is a critical authentication bypass vulnerability affecting FiberHome HG6245D optical network terminals. The admin account has a hardco...

CVE-2021-27169 is a critical vulnerability affecting FiberHome AN5506-04-FA optical network terminals with firmware RP2631. It involves hardcoded cred...

FiberHome HG6245D devices contain hardcoded admin/admin credentials in their web daemon, allowing attackers to gain administrative access to the devic...

CVE-2021-27149 is a critical authentication bypass vulnerability affecting FiberHome HG6245D devices. Attackers can use hardcoded admin credentials (a...

FiberHome HG6245D optical network terminal devices contain hardcoded root credentials (rootmet/m3tr0r00t) in their web daemon. This allows attackers t...

CVE-2021-27153 is a critical authentication bypass vulnerability affecting FiberHome HG6245D optical network terminals. The web daemon contains hardco...

CVE-2021-27155 is a critical authentication bypass vulnerability affecting FiberHome HG6245D optical network terminals. The web daemon contains hardco...

CVE-2021-27157 is a critical authentication bypass vulnerability affecting FiberHome HG6245D optical network terminals. The web daemon contains hardco...

FiberHome HG6245D devices contain hardcoded admin credentials (admin/lnadmin) in the web daemon, allowing attackers to gain administrative access. Thi...