CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-798

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2021-32521 798 2021-07-07 2021-09-21
7.5
None Remote Low Not required Partial Partial Partial
Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Contact QSAN and refer to the recommendations in the QSAN document.
52 CVE-2021-32459 798 Exec Code 2021-05-27 2021-06-07
5.5
None Remote Low ??? Partial Partial None
Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability.
53 CVE-2021-32454 798 2021-05-17 2021-05-25
5.8
None Local Network Low Not required Partial Partial Partial
SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access.
54 CVE-2021-31579 798 2021-07-22 2021-08-09
5.0
None Remote Low Not required Partial None None
Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
55 CVE-2021-31505 798 Exec Code 2021-06-29 2021-07-07
7.2
None Local Low Not required Complete Complete Complete
This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where hard-coded credentials are accepted for SSH authentication. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-12890.
56 CVE-2021-31477 798 Exec Code 2021-06-16 2021-06-24
7.5
None Remote Low Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852.
57 CVE-2021-30165 798 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices.
58 CVE-2021-29728 798 2021-08-30 2021-09-02
4.0
None Remote Low ??? Partial None None
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160.
59 CVE-2021-29691 798 2021-05-20 2021-05-24
5.0
None Remote Low Not required Partial None None
IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252.
60 CVE-2021-28912 798 2021-09-09 2021-09-20
9.0
None Remote Low ??? Complete Complete Complete
BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key passphrase known as 'eibPort string'. This is usable and the final part of an attack chain to gain SSH root access.
61 CVE-2021-28152 798 2021-05-06 2021-05-13
7.5
None Remote Low Not required Partial Partial Partial
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.
62 CVE-2021-28123 798 2021-04-02 2021-04-07
7.5
None Remote Low Not required Partial Partial Partial
Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The SSH key can provide an attacker access to the Linux system in the affected version.
63 CVE-2021-28111 798 Exec Code 2021-05-20 2021-05-25
6.5
None Remote Low ??? Partial Partial Partial
Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker.
64 CVE-2021-27952 798 2021-08-03 2021-08-12
5.0
None Remote Low Not required Partial None None
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console.
65 CVE-2021-27503 798 2021-08-02 2021-08-11
5.8
None Remote Medium Not required Partial Partial None
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5. The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on hard-coded secrets, which allows man-in-the-middle attackers to tamper with messages.
66 CVE-2021-27481 798 2021-06-16 2021-06-22
2.1
None Local Low Not required Partial None None
ZOLL Defibrillator Dashboard, versions prior to 2.2: the affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information.
67 CVE-2021-27452 798 2021-03-25 2021-03-29
10.0
None Remote Low Not required Complete Complete Complete
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).
68 CVE-2021-27440 798 2021-03-25 2021-03-30
7.5
None Remote Low Not required Partial Partial Partial
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
69 CVE-2021-27437 798 +Info 2021-05-07 2021-05-19
6.4
None Remote Low Not required Partial Partial None
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).
70 CVE-2021-27228 798 2021-02-22 2021-02-26
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names (such as constructor or hasOwnProperty) to convince the System that the supplied API Key exists in the underlying JS object, and consequently achieve complete access to User/Admin/Super API functions, as demonstrated by a /super/constructor/accounts/list URI.
71 CVE-2021-27172 798 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh.
72 CVE-2021-27169 798 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account.
73 CVE-2021-27168 798 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account.
74 CVE-2021-27167 798 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so.
75 CVE-2021-27166 798 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon.
76 CVE-2021-27165 798 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials.
77 CVE-2021-27164 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP.
78 CVE-2021-27163 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP.
79 CVE-2021-27162 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP.
80 CVE-2021-27161 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP.
81 CVE-2021-27160 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP.
82 CVE-2021-27159 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded useradmin / 888888 credentials for an ISP.
83 CVE-2021-27158 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP.
84 CVE-2021-27157 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP.
85 CVE-2021-27156 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0 interface.
86 CVE-2021-27155 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP.
87 CVE-2021-27154 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP.
88 CVE-2021-27153 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP.
89 CVE-2021-27152 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP.
90 CVE-2021-27151 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP.
91 CVE-2021-27150 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP.
92 CVE-2021-27149 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP.
93 CVE-2021-27148 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP.
94 CVE-2021-27147 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP.
95 CVE-2021-27146 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP.
96 CVE-2021-27145 798 2021-02-10 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP.
97 CVE-2021-27144 798 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP.
98 CVE-2021-27143 798 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP.
99 CVE-2021-27142 798 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions.
100 CVE-2021-27141 798 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.)
Total number of vulnerabilities: 680. Page 2 of 14.