CWE-798
All CWE-798 CVEs (455)
This CVE describes a vulnerability in Birddog firmware where hard-coded credentials are present in files on firmware images. An attacker can use these...
May 22, 2023

This vulnerability in GE UR bootloader versions 7.00-7.02 contains hardcoded credentials that could allow unauthorized access. Attackers with physical...
Mar 23, 2022

This vulnerability in E-Kent Pallium Vehicle Tracking software allows attackers to bypass authentication using hard-coded credentials stored without p...
Feb 27, 2025

Akkadian Provisioning Manager Engine ships with a hard-coded credential (akkadianuser:haakkadianpassword) that allows unauthorized access. This affect...
Jul 22, 2021

This vulnerability in SIMATIC CN 4100 devices involves sensitive information being stored in firmware, allowing attackers to extract and misuse this d...
Dec 9, 2025

The LevelOne WBR-6012 router contains a hard-coded backdoor credential '@m!t2K1' that grants admin access during the first 30 seconds after boot. Atta...
Oct 30, 2024

A vulnerability in Brocade Fabric OS allows authenticated remote attackers to read device data via SNMP using hard-coded default community strings. Th...
Jun 26, 2024

This vulnerability allows remote attackers to authenticate to SSH services with root privileges using a hidden hard-coded account. It affects Bosch Re...
Jan 10, 2024

This vulnerability allows remote attackers to authenticate to affected Bosch web applications using hidden hard-coded accounts with high privileges. A...
Jan 10, 2024

CVE-2023-43870 allows attackers to extract the root certificate password from Net2 software installation files, enabling them to create fraudulent cer...
Dec 19, 2023

This vulnerability involves hard-coded cryptographic keys in FortiDDoS API versions 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2...
Jul 19, 2022

This vulnerability involves hard-coded credentials in IntelliBridge EC 40 and 60 Hub devices, allowing attackers to gain unauthorized access to the sy...
Dec 27, 2021

CVE-2021-44207 is a vulnerability in Acclaim USAHERDS software where hard-coded credentials allow attackers to gain unauthorized access. This affects ...
Dec 21, 2021

CVE-2021-26611 is a hard-coded credentials vulnerability in HejHome GKW-IC052 IP cameras that allows remote attackers to gain administrative control. ...
Nov 26, 2021

Dokploy versions before 0.26.6 contain hardcoded database credentials in the installation script, allowing attackers with network access to the databa...
Jan 28, 2026

GE Vernova EnerVista UR Setup software contains hard-coded credentials that encrypt the local user database. Attackers who analyze the application cod...
Mar 10, 2025

Tenda W9 routers version 1.0.0.7(4456) contain a hardcoded root password in the /etc_ro/shadow file, allowing attackers to gain administrative access....
Nov 19, 2024

This vulnerability allows attackers to gain root access to Tenda G3 routers using a hardcoded password stored in the /etc_ro/shadow file. Anyone using...
Oct 17, 2024

CVE-2022-22765 is a hardcoded credentials vulnerability in BD Viper LT medical laboratory automation systems. Exploitation allows attackers to access,...
Feb 12, 2022

Calero VeraSMART versions before 2026 R1 contain hardcoded AES encryption keys in the Veramark.Framework.dll file. This allows attackers with local sy...
Feb 13, 2026

This vulnerability involves hard-coded credentials in Schneider Electric software that allow local privilege escalation. Non-administrative users can ...
Jun 12, 2024

This vulnerability allows attackers on the same local network to bypass security restrictions on Precor fitness equipment touchscreen consoles using a...
Jun 7, 2024

This vulnerability allows local attackers with initial low-privileged access to escalate to SYSTEM privileges on Voltronic Power ViewPower Pro install...
May 3, 2024

This vulnerability allows local attackers to calculate the root password of Loxone Miniserver Go Gen.2 devices using hard-coded secrets and the device...
Jul 5, 2023

This vulnerability involves hardcoded static credentials in PostgreSQL data used by ManageEngine Access Manager Plus, Password Manager Pro, and PAM360...
Apr 26, 2023

The Wolt Delivery Android app versions 4.27.2 and earlier contain hard-coded API credentials that can be extracted through reverse engineering. This a...
Apr 11, 2023

This vulnerability allows attackers on the local network to gain root access to affected devices via telnet by exploiting hard-coded cryptographic key...
Mar 10, 2022

CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier contain hard-coded API keys that cannot be changed. This allows attackers to bypass authe...
Jul 7, 2021

IBM QRadar SIEM versions 7.3 and 7.4 contain hard-coded credentials that could allow attackers to authenticate to the system, communicate with externa...
May 5, 2021

IBM QRadar SIEM versions 7.3 and 7.4 contain hard-coded credentials that could allow attackers to authenticate to the system, communicate with externa...
May 5, 2021

This vulnerability involves MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software using a hardcoded database password shared across all installations...
Feb 16, 2021

The TK-Star Q90 Junior GPS smartwatch uses a hardcoded default administrative password (123456) that cannot be changed during initial setup. This allo...
Feb 1, 2021

CVE-2021-1219 is a vulnerability in Cisco Smart Software Manager Satellite that allows authenticated local attackers to access static credentials stor...
Jan 20, 2021

This CVE describes a hard-coded credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator software on Windows. A...
Aug 31, 2023

This vulnerability in Xerox Workplace Suite allows attackers to predict or forge authentication tokens due to flawed token generation and hard-coded c...
Jan 23, 2025

ECOVACS robot lawnmowers and vacuums have a predictable root password generated from model and serial number, allowing attackers with shell access to ...
Jan 23, 2025

SolarWinds Web Help Desk contains hardcoded credentials that could allow attackers to access administrative functions under certain conditions. This a...
Jan 28, 2026

CVE-2021-47744 is a hard-coded credentials vulnerability in Cypress Solutions CTM-200/CTM-ONE devices running version 1.3.6. Attackers can use the sta...
Dec 31, 2025

CVE-2025-7358 is a hard-coded credentials vulnerability in Utarit Informatics Services Inc. SoliClub software that allows attackers to bypass authenti...
Dec 18, 2025

CVE-2025-1029 is a hard-coded credentials vulnerability in Utarit Information Services SoliClub software that allows attackers to extract sensitive au...
Dec 18, 2025

CVE-2025-41722 allows unauthenticated remote attackers to extract private keys from affected devices due to a hard-coded certificate used by the wsc s...
Oct 22, 2025

This vulnerability allows attackers with access to Kubernetes Image Builder build VMs to modify Windows images during creation, potentially injecting ...
Aug 17, 2025

PAVO Pay contains hard-coded credentials that can be extracted from the executable file, allowing attackers to gain unauthorized access to sensitive s...
Jul 21, 2025

Multiple SQL injection vulnerabilities in EasyVirt DCScope and CO2Scope allow authenticated attackers with low privileges to manipulate user, group, a...
Jan 31, 2025

Ubiquiti U7-Pro access points contain a hardcoded password in their firmware that could allow attackers to gain root access. This primarily affects us...
Dec 6, 2024

IBM Cognos Controller versions 11.0.0 and 11.0.1 contain hard-coded credentials that could be used for authentication, communication, or data encrypti...
Dec 3, 2024

CVE-2024-41161 is a critical authentication bypass vulnerability in Vonets industrial wifi bridge devices. Unauthenticated remote attackers can gain a...
Aug 8, 2024

CVE-2024-33329 is an authentication bypass vulnerability in Lumisxp content management system where attackers can use a hardcoded privileged ID to acc...
Jun 26, 2024

The OfferBox mobile applications for Android and iOS use a hard-coded secret key for JSON Web Token (JWT) authentication. This allows attackers who re...
May 22, 2024

This vulnerability allows attackers with administrative privileges on the Trellix ePolicy Orchestrator server to access the database encryption key by...
May 16, 2024

About CWE-798
Our database tracks 455 CVEs classified as CWE-798, with 261 rated critical and 146 rated high severity. The average CVSS score for CWE-798 vulnerabilities is 8.8.
External reference: CWE-798 on MITRE CWE