CWE-798: CWE-798
All CWE-798 CVEs (456)
The Hitron CODA-5310 router contains hard-coded encryption keys in its firmware, allowing authenticated administrators to decrypt system files. This e...
Jun 2, 2023

This vulnerability involves hard-coded credentials in STARDOM FCN and FCJ controllers, allowing attackers with administrative access to read/change co...
Jun 28, 2022

ControlUp Real-Time Agent versions before 8.2.5 contain a hardcoded cryptographic key that allows attackers to authenticate to the WCF channel and exe...
Jan 4, 2022

This vulnerability allows attackers to gain administrative access to Brocade SANnav's PostgreSQL database using a hard-coded weak password ('passw0rd'...
Jun 9, 2021

This vulnerability in DOXENSE WATCHDOC allows attackers to obtain private user puk codes for Active Directory registered users due to hard-coded and p...
Sep 26, 2025

This vulnerability allows attackers within Wi-Fi range of Mitsubishi Electric's discontinued EcoGuideTAB photovoltaic monitors to access hardcoded cre...
Jul 10, 2025

CVE-2024-27168 is an authentication bypass vulnerability in Toshiba multifunction printers where hardcoded private keys are used for internal API auth...
Jun 14, 2024

ABB FLXEON devices contain hard-coded credentials that could allow attackers to gain unauthorized access. This affects all FLXEON versions through 9.3...
Sep 17, 2025

Tenda CP3 Pro routers with firmware V22.5.4.93 contain a hardcoded root password hash in system files, allowing attackers who can access the firmware ...
Jul 14, 2025

This vulnerability allows physically present attackers to bypass authentication on WOLFBOX Level 2 EV Charger Management Cards using hard-coded creden...
Jun 6, 2025

GNCC's GC2 Indoor Security Camera 1080P has a hardcoded identical root password across all devices, allowing attackers with physical access to gain ad...
Aug 15, 2024

DCIM dcTrack platforms use default and hard-coded credentials that allow attackers to gain administrative access. This vulnerability enables database ...
Dec 4, 2025

IBM Concert versions 1.0.0 through 2.1.0 contain hard-coded credentials that could allow remote attackers to authenticate to the system without proper...
Feb 17, 2026

Open5GS WebUI uses a hard-coded JWT signing key ('change-me') when the JWT_SECRET_KEY environment variable is not set, allowing attackers to forge aut...
Jan 20, 2026

This CVE involves hardcoded credentials in the ATLAS-EPIC software, allowing attackers to gain unauthorized access to systems running vulnerable versi...
Oct 16, 2025

CVE-2025-4633 allows unauthenticated attackers to access Airpointer 2.4.107-2 web portals using default credentials. This affects all deployments usin...
May 30, 2025

Dell PowerStore version 4.0.0.0 contains hard-coded credentials in its image file, allowing attackers with knowledge of these credentials to gain unau...
May 28, 2025

This vulnerability allows attackers to access administrative/debug scripts in the web interface using undocumented hard-coded credentials. This provid...
May 21, 2025

The IROAD dashcam mobile application contains hardcoded credentials that allow attackers on the same Wi-Fi network to access API endpoints and retriev...
Mar 18, 2025

This vulnerability exposes Artifactory API keys in IBM Cognos Controller and IBM Controller, allowing authenticated users to publish code to private p...
Jan 7, 2025

Aptos Wisal payroll accounting software before version 7.1.6 uses hardcoded credentials in its Windows client to retrieve all usernames and passwords ...
May 24, 2024

SolarWinds Access Rights Manager (ARM) contains hard-coded credentials that allow authentication bypass to the RabbitMQ management console. This vulne...
Sep 12, 2024

This critical vulnerability in Go-Tribe's gotribe software involves hard-coded credentials in the token signing function. Attackers can exploit this t...
Aug 24, 2024

Toshiba printers use a hardcoded encryption key in a shell script to encrypt logs, allowing attackers to decrypt sensitive log files. This vulnerabili...
Jun 14, 2024

This vulnerability in Keycloak allows sensitive runtime values like passwords to be captured during the build process and embedded as default values i...
Nov 25, 2024

SolarWinds Database Performance Analyzer contains a hard-coded cryptographic key that could enable machine-in-the-middle attacks if exploited. This af...
Aug 12, 2025

CVE-2025-23179 involves hard-coded credentials in software, allowing attackers to bypass authentication using embedded default passwords or keys. This...
Apr 29, 2025

This vulnerability in SunGrow WiNet-S inverters allows attackers to send arbitrary commands to inverters using hardcoded MQTT credentials and intercep...
Jan 24, 2025

Weintek cMT-3072XH2 HMI devices contain a hardcoded encryption key in easyweb v2.1.53 and OS v20231011, allowing attackers to decrypt sensitive inform...
Mar 3, 2026

This vulnerability exposes password hashes for system accounts within firmware update files. Remote attackers could recover credentials and gain unaut...
Jan 15, 2026

This vulnerability involves hard-coded configuration values in Desktop Alert PingAlert's Application Server, which could allow attackers to bypass sec...
Nov 24, 2025

This vulnerability involves hard-coded credentials in Fortinet FortiWeb web application firewalls that could allow authenticated attackers with shell ...
Nov 18, 2025

CVE-2025-64766 is a hard-coded secret vulnerability in NixOS's OnlyOffice document server module that allows attackers with knowledge of a document re...
Nov 17, 2025

The Helpie FAQ WordPress plugin versions up to 1.39 contain hard-coded credentials that allow attackers to retrieve embedded sensitive data. This affe...
Sep 22, 2025

This CVE describes a hard-coded credentials vulnerability in the Estonian Shipping Methods for WooCommerce WordPress plugin. Attackers can retrieve em...
Sep 22, 2025

A hard-coded credentials vulnerability in weDevs WP Project Manager WordPress plugin allows attackers to retrieve embedded sensitive data. This affect...
Sep 22, 2025

MXsecurity software versions v1.1.0 and prior contain hard-coded credentials that could allow attackers to access and tamper with sensitive data. This...
Oct 18, 2024

This vulnerability allows an authenticated attacker with administrative credentials to inject malicious scripts into Cisco Prime Infrastructure's web ...
Feb 4, 2026

This CVE describes a hardcoded credential vulnerability in TeleMessage's archiving backend that accepts API calls with static username 'logfile' and p...
May 8, 2025

Cybele Software Thinfinity Workspace versions before 7.0.2.113 contain a hardcoded cryptographic key used for encryption. This vulnerability allows at...
Nov 13, 2024

Zimbra Collaboration 10.0 and 10.1 contain hardcoded Flickr API credentials in the publicly accessible Flickr Zimlet. Attackers can retrieve these cre...
Dec 15, 2025

This vulnerability allows attackers to use an undocumented UART port on the PCB as a side-channel to gain read access to parts of the device's filesys...
Dec 9, 2025

The Xtooltech Xtool AnyScan Android application uses hardcoded cryptographic keys to decrypt update metadata, allowing attackers who intercept network...
Nov 24, 2025

IBM MaaS360 for Android versions 6.31 through 8.60 contain hard-coded credentials that can be extracted by anyone with physical access to the device. ...
Aug 29, 2024

This vulnerability allows attackers with physical access to extract WPA/WPS credentials stored in plaintext within the SyroTech SY-GPON-1110-WDONT rou...
Jul 26, 2024

This CVE describes a use of hard-coded credentials vulnerability in ZWX-2000CSW2-HN and ZWX-2000CS2-HN firmware. Attackers can exploit this to obtain ...
Jul 16, 2025

This vulnerability involves hard-coded credentials embedded in the application binary that are used for authentication and communication with a mobile...
Jan 17, 2025

The Piccoma mobile app for Android and iOS versions before 6.20.0 contains a hard-coded API key for an external service. This allows local attackers w...
Jul 1, 2024

Dormakaba's FWServiceTool uses a static, hardcoded password to decrypt encrypted ZIP files containing firmware updates for Access Managers. This allow...
Jan 26, 2026

CVE-2025-59096 is a hard-coded credential vulnerability in Kaba 9300 Administration software that allows attackers to gain administrative access using...
Jan 26, 2026

About CWE-798 (CWE-798)
Our database tracks 456 CVEs classified as CWE-798, with 262 rated critical and 146 rated high severity. The average CVSS score for CWE-798 vulnerabilities is 8.8.