CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-798

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2000-1139 798 +Priv 2001-01-09 2020-04-02
7.5
None Remote Low Not required Partial Partial Partial
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
2 CVE-2006-7074 798 +Priv Bypass 2007-03-02 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie.
3 CVE-2007-1063 798 2007-02-22 2019-05-23
10.0
None Remote Low Not required Complete Complete Complete
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.
4 CVE-2009-5154 798 2019-02-09 2019-02-13
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.
5 CVE-2012-2166 798 2018-02-08 2018-03-10
10.0
None Remote Low Not required Complete Complete Complete
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.
6 CVE-2012-4381 798 2020-02-08 2020-02-12
9.3
None Remote Medium Not required Complete Complete Complete
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.
7 CVE-2012-5686 798 2020-02-04 2020-02-06
7.5
None Remote Low Not required Partial Partial Partial
ZPanel 10.0.1 has insufficient entropy for its password reset process.
8 CVE-2012-6611 798 2020-02-10 2020-02-14
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
9 CVE-2013-1352 798 2020-01-30 2020-02-10
5.0
None Remote Low Not required Partial None None
Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.
10 CVE-2013-1603 798 2020-01-28 2021-04-26
5.0
None Remote Low Not required Partial None None
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream.
11 CVE-2013-2567 798 1 Bypass +Info 2020-01-29 2020-02-01
5.0
None Remote Low Not required Partial None None
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.
12 CVE-2013-2572 798 1 Bypass 2020-01-29 2020-01-31
5.0
None Remote Low Not required Partial None None
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.
13 CVE-2013-3542 798 2019-12-11 2019-12-19
10.0
None Remote Low Not required Complete Complete Complete
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.
14 CVE-2013-3619 798 2020-01-02 2020-01-15
4.3
None Remote Medium Not required Partial None None
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contains hardcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.
15 CVE-2013-6236 798 2020-02-12 2020-02-25
10.0
None Remote Low Not required Complete Complete Complete
IZON IP 2.0.2: hard-coded password vulnerability
16 CVE-2013-6276 798 2021-08-09 2021-08-19
5.0
None Remote Low Not required Partial None None
** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models.
17 CVE-2013-6277 798 2020-02-13 2020-02-28
5.0
None Remote Low Not required Partial None None
QNAP VioCard 300 has hardcoded RSA private keys.
18 CVE-2013-6362 798 2020-02-13 2020-02-24
5.0
None Remote Low Not required Partial None None
Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts.
19 CVE-2014-0175 798 2019-12-13 2019-12-18
7.5
None Remote Low Not required Partial Partial Partial
mcollective has a default password set at install.
20 CVE-2014-3205 798 2018-02-23 2018-03-18
10.0
None Remote Low Not required Complete Complete Complete
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
21 CVE-2014-3413 798 +Info 2018-04-05 2018-08-10
10.0
None Remote Low Not required Complete Complete Complete
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.
22 CVE-2014-5431 798 2019-03-26 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.
23 CVE-2014-5434 798 2019-03-26 2019-10-09
5.0
None Remote Low Not required Partial None None
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.
24 CVE-2014-6617 798 2018-03-09 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
25 CVE-2014-8426 798 2017-08-28 2017-09-01
7.5
None Remote Low Not required Partial Partial Partial
Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015.
26 CVE-2014-8579 798 2018-01-05 2018-01-26
10.0
None Remote Low Not required Complete Complete Complete
TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.
27 CVE-2014-9614 798 2020-02-19 2020-02-20
7.5
None Remote Low Not required Partial Partial Partial
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.
28 CVE-2015-2867 798 2017-01-06 2017-01-11
10.0
None Remote Low Not required Complete Complete Complete
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.
29 CVE-2015-2881 798 2017-04-10 2017-04-13
10.0
None Remote Low Not required Complete Complete Complete
Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.
30 CVE-2015-2882 798 2017-04-10 2017-04-14
10.0
None Remote Low Not required Complete Complete Complete
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.
31 CVE-2015-2885 798 2017-04-10 2017-04-13
10.0
None Remote Low Not required Complete Complete Complete
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.
32 CVE-2015-2887 798 2017-04-10 2017-04-13
10.0
None Remote Low Not required Complete Complete Complete
iBaby M3S has a password of admin for the backdoor admin account.
33 CVE-2015-3953 798 2019-03-25 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
34 CVE-2015-4667 798 2017-09-25 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple hardcoded credentials in Xsuite 2.x.
35 CVE-2015-7246 798 2017-04-24 2017-04-28
10.0
None Remote Low Not required Complete Complete Complete
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
36 CVE-2015-7276 798 2019-11-06 2019-11-08
4.3
None Remote Medium Not required Partial None None
Technicolor C2000T and C2100T use hard-coded cryptographic keys.
37 CVE-2015-9254 798 2018-02-20 2018-03-19
7.5
None Remote Low Not required Partial Partial Partial
Datto ALTO and SIRIS devices have a default VNC password.
38 CVE-2016-0235 798 2018-03-12 2018-04-04
7.2
None Local Low Not required Complete Complete Complete
IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326.
39 CVE-2016-0726 798 2017-06-06 2017-06-22
7.5
None Remote Low Not required Partial Partial Partial
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
40 CVE-2016-1560 798 2017-04-21 2017-04-27
10.0
None Remote Low Not required Complete Complete Complete
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.
41 CVE-2016-2310 798 2016-06-09 2021-03-29
10.0
None Remote Low Not required Complete Complete Complete
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.
42 CVE-2016-2357 798 2019-10-25 2019-10-29
5.0
None Remote Low Not required Partial None None
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.
43 CVE-2016-2358 798 2019-10-25 2019-10-29
5.0
None Remote Low Not required Partial None None
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.
44 CVE-2016-2360 798 2019-10-25 2019-10-29
5.0
None Remote Low Not required Partial None None
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.
45 CVE-2016-2948 798 2016-11-30 2016-12-03
4.6
None Local Low Not required Partial Partial Partial
IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors.
46 CVE-2016-3953 798 Exec Code 2018-02-06 2019-06-21
7.5
None Remote Low Not required Partial Partial Partial
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.
47 CVE-2016-5081 798 2016-08-24 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session.
48 CVE-2016-5333 798 2016-08-31 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
VMware Photon OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
49 CVE-2016-5678 798 2016-08-31 2017-09-03
10.0
None Remote Low Not required Complete Complete Complete
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
50 CVE-2016-5816 798 2017-08-25 2017-08-30
5.0
None Remote Low Not required Partial None None
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source.
Total number of vulnerabilities: 680 (page 1 of 14)