CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-798

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-2572 798 1 Bypass 2020-01-29 2020-01-31
5.0
None Remote Low Not required Partial None None
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.
2 CVE-2013-2567 798 1 Bypass +Info 2020-01-29 2020-02-01
5.0
None Remote Low Not required Partial None None
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.
3 CVE-2022-22845 798 2022-01-10 2022-01-18
7.5
None Remote Low Not required Partial Partial Partial
QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.
4 CVE-2022-22056 798 2022-01-14 2022-01-21
10.0
None Remote Low Not required Complete Complete Complete
The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service.
5 CVE-2022-21669 798 2022-01-11 2022-01-20
5.0
None Remote Low Not required Partial None None
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date.
6 CVE-2021-45913 798 2022-01-04 2022-01-13
9.0
None Remote Low ??? Complete Complete Complete
A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.
7 CVE-2021-45732 798 2021-12-30 2022-01-11
6.5
None Remote Low ??? Partial Partial Partial
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.
8 CVE-2021-45522 798 2021-12-26 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password.
9 CVE-2021-45521 798 2021-12-26 2022-01-05
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.
10 CVE-2021-45520 798 2021-12-26 2022-01-05
5.8
None Local Network Low Not required Partial Partial Partial
Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.
11 CVE-2021-45033 798 2022-01-11 2022-01-19
8.5
None Remote Medium ??? Complete Complete Complete
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.
12 CVE-2021-44207 798 2021-12-21 2022-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.
13 CVE-2021-43575 798 2021-11-09 2021-11-15
2.1
None Local Low Not required Partial None None
** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported.
14 CVE-2021-43284 798 2021-11-30 2021-12-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface).
15 CVE-2021-43282 798 2021-11-30 2021-12-03
3.3
None Local Network Low Not required Partial None None
An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key.
16 CVE-2021-43052 798 Bypass 2022-01-11 2022-01-19
5.0
None Remote Low Not required Partial None None
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.
17 CVE-2021-43044 798 2021-12-06 2021-12-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community.
18 CVE-2021-41828 798 2021-09-30 2021-10-05
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.
19 CVE-2021-41827 798 2021-09-30 2021-10-05
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.
20 CVE-2021-41320 798 2021-10-15 2021-10-21
2.1
None Local Low Not required Partial None None
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user.
21 CVE-2021-41299 798 2021-09-30 2021-10-07
10.0
None Remote Low Not required Complete Complete Complete
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.
22 CVE-2021-41028 798 2021-12-16 2022-01-04
5.4
None Local Network Medium Not required Partial Partial Partial
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.
23 CVE-2021-40519 798 2021-11-10 2021-11-12
6.4
None Remote Low Not required Partial Partial None
Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.
24 CVE-2021-40494 798 2021-09-03 2021-09-10
10.0
None Remote Low Not required Complete Complete Complete
A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system.
25 CVE-2021-40119 798 2021-11-04 2021-11-12
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.
26 CVE-2021-39615 798 2021-08-23 2021-08-30
10.0
None Remote Low Not required Complete Complete Complete
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
27 CVE-2021-39614 798 2021-08-23 2021-08-30
5.0
None Remote Low Not required Partial None None
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values.
28 CVE-2021-39613 798 2021-08-23 2021-08-30
5.0
None Remote Low Not required Partial None None
** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
29 CVE-2021-39245 798 2021-08-23 2021-08-26
5.0
None Remote Low Not required Partial None None
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0.
30 CVE-2021-38456 798 2021-10-12 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords
31 CVE-2021-37555 798 2021-07-26 2021-08-09
10.0
None Remote Low Not required Complete Complete Complete
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
32 CVE-2021-37163 798 2021-08-02 2021-08-10
7.5
None Remote Low Not required Partial Partial Partial
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded.
33 CVE-2021-36799 798 2021-07-19 2021-12-15
2.1
None Local Low Not required Partial None None
** UNSUPPORTED WHEN ASSIGNED ** KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
34 CVE-2021-36751 798 2022-01-02 2022-01-13
6.4
None Remote Low Not required Partial Partial None
ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.)
35 CVE-2021-36234 798 2021-08-31 2021-09-08
2.1
None Local Low Not required Partial None None
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.
36 CVE-2021-35961 798 2021-07-16 2021-08-02
10.0
None Remote Low Not required Complete Complete Complete
Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.
37 CVE-2021-35232 798 Exec Code 2021-12-27 2022-01-12
3.6
None Local Low Not required Partial Partial None
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.
38 CVE-2021-34812 798 +Info 2021-06-18 2021-06-24
5.0
None Remote Low Not required Partial None None
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.
39 CVE-2021-34795 798 2021-11-04 2021-11-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.
40 CVE-2021-34571 798 2021-09-16 2021-09-28
2.9
None Local Network Medium Not required Partial None None
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.
41 CVE-2021-34565 798 2021-08-31 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
42 CVE-2021-33583 798 2021-09-30 2021-10-12
10.0
None Remote Low Not required Complete Complete Complete
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.
43 CVE-2021-33540 798 2021-06-25 2021-07-02
7.5
None Remote Low Not required Partial Partial Partial
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.
44 CVE-2021-33531 798 2021-06-25 2021-07-27
9.0
None Remote Low ??? Complete Complete Complete
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability.
45 CVE-2021-33529 798 2021-06-25 2021-07-27
5.0
None Remote Low Not required Partial None None
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device.
46 CVE-2021-33484 798 2021-09-07 2021-09-13
5.0
None Remote Low Not required Partial None None
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user's ID and username. These values can be used as part of the comment posting request in order to spoof the user.
47 CVE-2021-33220 798 2021-07-07 2021-07-09
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.
48 CVE-2021-33219 798 2021-07-07 2021-07-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
49 CVE-2021-33218 798 2021-07-07 2021-07-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.
50 CVE-2021-32993 798 2021-12-27 2022-01-10
5.8
None Local Network Low Not required Partial Partial Partial
IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Total number of vulnerabilities : 680   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.