CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-798

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-22845 798 2022-01-10 2022-01-18
7.5
None Remote Low Not required Partial Partial Partial
QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.
2 CVE-2022-22056 798 2022-01-14 2022-01-21
10.0
None Remote Low Not required Complete Complete Complete
The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service.
3 CVE-2021-45913 798 2022-01-04 2022-01-13
9.0
None Remote Low ??? Complete Complete Complete
A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.
4 CVE-2021-45732 798 2021-12-30 2022-01-11
6.5
None Remote Low ??? Partial Partial Partial
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.
5 CVE-2021-45522 798 2021-12-26 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password.
6 CVE-2021-45033 798 2022-01-11 2022-01-19
8.5
None Remote Medium ??? Complete Complete Complete
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.
7 CVE-2021-44207 798 2021-12-21 2022-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.
8 CVE-2021-43284 798 2021-11-30 2021-12-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface).
9 CVE-2021-43044 798 2021-12-06 2021-12-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community.
10 CVE-2021-41299 798 2021-09-30 2021-10-07
10.0
None Remote Low Not required Complete Complete Complete
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.
11 CVE-2021-40519 798 2021-11-10 2021-11-12
6.4
None Remote Low Not required Partial Partial None
Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.
12 CVE-2021-40494 798 2021-09-03 2021-09-10
10.0
None Remote Low Not required Complete Complete Complete
A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system.
13 CVE-2021-40119 798 2021-11-04 2021-11-12
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.
14 CVE-2021-39615 798 2021-08-23 2021-08-30
10.0
None Remote Low Not required Complete Complete Complete
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
15 CVE-2021-38456 798 2021-10-12 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords.
16 CVE-2021-37555 798 2021-07-26 2021-08-09
10.0
None Remote Low Not required Complete Complete Complete
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
17 CVE-2021-37163 798 2021-08-02 2021-08-10
7.5
None Remote Low Not required Partial Partial Partial
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded.
18 CVE-2021-36751 798 2022-01-02 2022-01-13
6.4
None Remote Low Not required Partial Partial None
ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.)
19 CVE-2021-35961 798 2021-07-16 2021-08-02
10.0
None Remote Low Not required Complete Complete Complete
Dr. ID Door Access Control and Personnel Attendance Management system uses hard-coded admin default credentials that allow remote attackers to access the system through the default password and obtain the highest permission.
20 CVE-2021-34795 798 2021-11-04 2021-11-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: log in with a default credential if the Telnet protocol is enabled; perform command injection; modify the configuration. For more information about these vulnerabilities, see the Details section of this advisory.
21 CVE-2021-34565 798 2021-08-31 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
22 CVE-2021-33583 798 2021-09-30 2021-10-12
10.0
None Remote Low Not required Complete Complete Complete
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.
23 CVE-2021-33540 798 2021-06-25 2021-07-02
7.5
None Remote Low Not required Partial Partial Partial
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.
24 CVE-2021-33531 798 2021-06-25 2021-07-27
9.0
None Remote Low ??? Complete Complete Complete
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability.
25 CVE-2021-33219 798 2021-07-07 2021-07-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
26 CVE-2021-33218 798 2021-07-07 2021-07-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.
27 CVE-2021-32588 798 Exec Code 2021-08-18 2021-08-26
10.0
None Remote Low Not required Complete Complete Complete
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.
28 CVE-2021-32535 798 Exec Code 2021-07-07 2021-09-20
7.5
None Remote Low Not required Partial Partial Partial
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.
29 CVE-2021-32521 798 2021-07-07 2021-09-21
7.5
None Remote Low Not required Partial Partial Partial
Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
30 CVE-2021-31505 798 Exec Code 2021-06-29 2021-07-07
7.2
None Local Low Not required Complete Complete Complete
This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where hard-coded credentials are accepted for SSH authentication. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-12890.
31 CVE-2021-31477 798 Exec Code 2021-06-16 2021-06-24
7.5
None Remote Low Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852.
32 CVE-2021-28912 798 2021-09-09 2021-09-20
9.0
None Remote Low ??? Complete Complete Complete
BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key passphrase known as 'eibPort string'. This is usable and the final part of an attack chain to gain SSH root access.
33 CVE-2021-28152 798 2021-05-06 2021-05-13
7.5
None Remote Low Not required Partial Partial Partial
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.
34 CVE-2021-28123 798 2021-04-02 2021-04-07
7.5
None Remote Low Not required Partial Partial Partial
Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The SSH key can provide an attacker access to the Linux system in the affected version.
35 CVE-2021-28111 798 Exec Code 2021-05-20 2021-05-25
6.5
None Remote Low ??? Partial Partial Partial
Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker.
36 CVE-2021-27452 798 2021-03-25 2021-03-29
10.0
None Remote Low Not required Complete Complete Complete
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).
37 CVE-2021-27440 798 2021-03-25 2021-03-30
7.5
None Remote Low Not required Partial Partial Partial
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
38 CVE-2021-27437 798 +Info 2021-05-07 2021-05-19
6.4
None Remote Low Not required Partial Partial None
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).
39 CVE-2021-27228 798 2021-02-22 2021-02-26
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names (such as constructor or hasOwnProperty) to convince the System that the supplied API Key exists in the underlying JS object, and consequently achieve complete access to User/Admin/Super API functions, as demonstrated by a /super/constructor/accounts/list URI.
40 CVE-2021-27164 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP.
41 CVE-2021-27163 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP.
42 CVE-2021-27162 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP.
43 CVE-2021-27161 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP.
44 CVE-2021-27160 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP.
45 CVE-2021-27159 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded useradmin / 888888 credentials for an ISP.
46 CVE-2021-27158 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP.
47 CVE-2021-27157 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP.
48 CVE-2021-27156 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0 interface.
49 CVE-2021-27155 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP.
50 CVE-2021-27154 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP.
Total number of vulnerabilities: 465 (page 1 of 10)