CWE-798

Total CVEs: 451
Critical: 258
High: 145
Avg CVSS: 8.8
In CISA KEV: 1

Yearly Trend

2026: 24
2025: 100
2024: 97
2023: 66
2022: 69

Top Affected Vendors

1. IBM: 19
2. FiberHome: 15
3. D-Link: 14
4. Totolink: 7
5. Siemens: 6
6. Schneider Electric: 6
7. SolarWinds: 5
8. Fortinet: 4
9. Tenda: 4
10. Dell: 4

All CWE-798 CVEs (451)

CVE-2021-27141
9.8

CVE-2021-27141 is a critical credential exposure vulnerability affecting FiberHome HG6245D devices. The credentials stored in /fhconf/umconfig.txt are...

Feb 10, 2021
CVE-2021-27143
9.8

FiberHome HG6245D devices contain hardcoded credentials (user/user1234) in their web daemon, allowing attackers to gain administrative access to the d...

Feb 10, 2021
CVE-2020-13858
9.8

This vulnerability involves two undocumented administrator accounts (sftp and mofidev) with hardcoded, non-unique passwords in Mofi Network MOFI4500-4...

Feb 1, 2021
CVE-2020-15833
9.8

This vulnerability allows remote attackers to gain root access to affected Mofi Network routers via SSH using a hard-coded public key stored in read-o...

Feb 1, 2021
CVE-2020-28998
9.8

This vulnerability allows remote attackers to gain full administrative control of Geeni GNC-CW013 smart doorbell devices via Telnet using a default st...

Jan 26, 2021
CVE-2020-35929
9.8

CVE-2020-35929 is a critical vulnerability in TinyCheck where hard-coded credentials in the installation script allow attackers to gain unauthorized a...

Jan 19, 2021
CVE-2020-10210
9.8

This vulnerability allows remote attackers to gain root access to affected Amino Communications set-top boxes via SSH using hard-coded cryptographic k...

Dec 29, 2020
CVE-2020-11720
9.8

Programi Bilanc accounting software versions up to build 007 release 014 install with a hardcoded administrative account (admin/0000) that cannot be c...

Dec 23, 2020
CVE-2020-8995
9.8

This vulnerability involves hardcoded credentials in Programi Bilanc software that allow remote attackers to access multiple servers including website...

Dec 21, 2020
CVE-2020-35338
9.8

CVE-2020-35338 is a critical authentication bypass vulnerability in Mobile Viewpoint WMT Playout Server's web administrative interface. It allows atta...

Dec 14, 2020
CVE-2020-29376
9.8

This CVE exposes a hardcoded administrative password '!j@l#y$z%x6x7q8c9z)' for the TELNET service on affected V-SOL OLT devices. Attackers can use thi...

Nov 29, 2020
CVE-2020-29060
9.8

This vulnerability involves CDATA networking devices having a default hardcoded password 'debug124' for the debug account, allowing attackers to gain ...

Nov 24, 2020
CVE-2020-29062
9.8

This vulnerability affects multiple CDATA optical line terminal (OLT) devices that have a default blank password for the guest account. This allows un...

Nov 24, 2020
CVE-2020-28329
9.8

This vulnerability allows attackers to discover hardcoded administrative credentials in Barco wePresent WiPG-1600W firmware. Attackers can use these c...

Nov 24, 2020
CVE-2020-28334
9.8

Barco wePresent WiPG-1600W devices contain a hardcoded root password hash in their firmware, allowing attackers to gain full system control. This affe...

Nov 24, 2020
CVE-2020-4854
9.8

IBM Spectrum Protect Plus versions 10.1.0 through 10.1.6 contain hard-coded credentials used for authentication and encryption. This allows attackers ...

Nov 23, 2020
CVE-2020-26097
9.8

This CVE involves hard-coded default credentials in PLANET NVR devices that allow root access via telnet. If telnet is exposed to the Internet, attack...

Nov 18, 2020
CVE-2020-26892
9.8

This vulnerability in NATS nats-server allows attackers to bypass authentication by using expired JWT credentials, potentially gaining unauthorized ac...

Nov 6, 2020
CVE-2020-27689
9.8

The Relish VH510 4G hub contains hardcoded admin credentials in firmware versions before 1.0.1.6L0516, allowing remote attackers to gain administrativ...

Nov 4, 2020
CVE-2020-11483
9.8

This vulnerability in NVIDIA DGX servers involves hard-coded credentials in the AMI BMC firmware, allowing attackers to gain elevated privileges or ac...

Oct 29, 2020
CVE-2020-11854
9.8

This CVE describes a critical remote code execution vulnerability in Micro Focus Operation Bridge Manager, Operations Bridge (containerized), and Appl...

Oct 27, 2020
CVE-2020-26879
9.8

CVE-2020-26879 is a critical authentication bypass vulnerability in Ruckus vRioT software where a hardcoded backdoor token allows unauthenticated API ...

Oct 26, 2020
CVE-2020-25749
9.8

This vulnerability allows remote attackers to gain full administrative control of affected Rubetek security cameras via Telnet using a default static ...

Sep 25, 2020
CVE-2020-11857
9.8

CVE-2020-11857 is an authorization bypass vulnerability in Micro Focus Operation Bridge Reporter (OBR) that allows remote attackers to access the OBR ...

Sep 22, 2020
CVE-2018-20432
9.8

This vulnerability allows unauthenticated attackers to gain privileged telnet access to affected D-Link routers using hardcoded credentials. Attackers...

Sep 14, 2020
CVE-2020-24876
9.8

CVE-2020-24876 is a critical vulnerability in Pancake versions before 4.13.29 where a hard-coded cryptographic key allows attackers to forge session c...

Sep 3, 2020
CVE-2020-4459
9.8

IBM Security Verify Access 10.7 contains hard-coded credentials that could allow attackers to bypass authentication, access sensitive data, or comprom...

Aug 4, 2020
CVE-2024-27107
9.6

CVE-2024-27107 is a critical vulnerability in GE HealthCare EchoPAC products where weak default passwords allow attackers to gain unauthorized access....

May 14, 2024
CVE-2021-45520
9.6

This vulnerability involves hardcoded credentials in certain NETGEAR Orbi WiFi systems, allowing attackers to gain administrative access to affected d...

Dec 26, 2021
CVE-2021-32454
9.6

CVE-2021-32454 is a critical vulnerability in SITEL CAP/PRX firmware where hardcoded credentials allow attackers to take over devices. Attackers with ...

May 17, 2021
CVE-2025-56749
9.4

This vulnerability allows attackers to forge valid JWT authentication tokens using a predictable hardcoded secret, enabling complete authentication by...

Oct 15, 2025
CVE-2024-49805
9.4

IBM Security Verify Access Appliance versions 10.0.0 through 10.0.8 contain hard-coded credentials that could allow attackers to authenticate to the s...

Nov 29, 2024
CVE-2022-30234
9.4

CVE-2022-30234 is a critical vulnerability in Schneider Electric Wiser Smart energy management systems where hard-coded credentials allow attackers to...

Jun 2, 2022
CVE-2024-48971
9.3

This vulnerability involves hard-coded clinician passwords in ventilators, allowing attackers to extract credentials and gain unauthorized clinician-l...

Nov 14, 2024
CVE-2023-6198
9.3

This CVE describes a hard-coded credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 devices. Attackers can use these embedded creden...

Jun 25, 2024
CVE-2023-1748
9.3

Nexx Smart Home devices contain hard-coded credentials that allow unauthenticated attackers to access MQTT servers and remotely control garage doors a...

Apr 4, 2023
CVE-2022-31462
9.3

This vulnerability allows attackers to gain administrative control of Meeting Owl devices by using a backdoor password derived from the device's seria...

Jun 2, 2022
CVE-2021-42833
9.3

AquaView versions 1.60, 7.x, and 8.x contain hardcoded credentials that allow authenticated local attackers to manipulate users and system settings. T...

Feb 7, 2022
CVE-2021-43052
9.3

This vulnerability allows attackers to bypass authentication in TIBCO FTL Realm Server due to a hard-coded secret in default configurations. It affect...

Jan 11, 2022
CVE-2025-1242
9.1

This vulnerability allows attackers to extract administrative credentials from Gardyn IoT Hub through API responses, mobile app reverse engineering, o...

Feb 25, 2026
CVE-2026-24346
9.1

This vulnerability allows attackers to access protected administrative areas of the EZCast Pro II web application using well-known default credentials...

Jan 27, 2026
CVE-2025-54454
9.1

This vulnerability allows attackers to bypass authentication in Samsung MagicINFO 9 Server by exploiting hard-coded credentials. It affects all MagicI...

Jul 23, 2025
CVE-2024-36556
9.1

This CVE describes a hardcoded password vulnerability in Forever KidsWatch smartwatches. Attackers can use the embedded default credentials to gain un...

Feb 6, 2025
CVE-2024-35244
9.1

This vulnerability involves hidden maintenance accounts in Sharp and Toshiba multifunction printers/copiers. Attackers who obtain these account passwo...

Nov 26, 2024
CVE-2024-10025
9.1

This vulnerability allows attackers to read default passwords stored in plain text within .sdd files, enabling unauthorized access to SICK industrial ...

Oct 17, 2024
CVE-2024-28987
9.1

CVE-2024-28987 is a hardcoded credential vulnerability in SolarWinds Web Help Desk that allows remote unauthenticated attackers to access internal fun...

Aug 21, 2024
CVE-2024-28751
9.1

This vulnerability allows a high-privileged remote attacker to enable telnet access with hardcoded credentials on affected systems. Attackers can gain...

Jul 9, 2024
CVE-2024-28194
9.1

YourSpotify versions before 1.8.0 use a hardcoded JWT secret, allowing attackers to forge valid authentication tokens for any user. This enables authe...

Mar 13, 2024
CVE-2023-46706
9.1

Multiple MachineSense devices have hardcoded credentials that cannot be changed by users or administrators. This vulnerability allows attackers to gai...

Feb 1, 2024
CVE-2024-23687
9.1

This vulnerability involves hard-coded credentials in FOLIO's mod-data-export-spring module, allowing unauthenticated attackers to access critical API...

Jan 19, 2024

About CWE-798

Our database tracks 451 CVEs classified as CWE-798, with 258 rated critical and 145 rated high severity. The average CVSS score for CWE-798 vulnerabilities is 8.8.

External reference: View CWE-798 on MITRE CWE →
