CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-798

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
401 CVE-2019-0020 798 2019-01-15 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
402 CVE-2018-1000625 798 2018-12-28 2019-01-11
10.0
None Remote Low Not required Complete Complete Complete
Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system.
403 CVE-2018-21137 798 2020-04-23 2020-04-24
7.5
None Remote Low Not required Partial Partial Partial
Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.
404 CVE-2018-20955 798 2019-08-08 2021-08-24
10.0
None Remote Low Not required Complete Complete Complete
Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31.
405 CVE-2018-20432 798 +Priv 2020-09-14 2020-10-29
10.0
None Remote Low Not required Complete Complete Complete
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
406 CVE-2018-20219 798 Bypass 2019-03-21 2019-03-25
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the device's web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged.
407 CVE-2018-19233 798 Exec Code 2018-12-20 2019-01-08
2.1
None Local Low Not required Partial None None
COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file.
408 CVE-2018-19069 798 2018-11-07 2018-12-11
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor.
409 CVE-2018-19067 798 2018-11-07 2018-12-11
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account.
410 CVE-2018-19066 798 2018-11-07 2018-12-11
5.0
None Remote Low Not required Partial None None
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift* password in some cases.
411 CVE-2018-19065 798 2018-11-07 2018-12-11
5.0
None Remote Low Not required Partial None None
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9*Q password in some cases.
412 CVE-2018-19063 798 2018-11-07 2018-12-11
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password.
413 CVE-2018-18998 798 2019-02-05 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges.
414 CVE-2018-18979 798 +Info 2019-05-06 2020-08-24
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in combination with retrieving any user's encrypted data from the Ascensia cloud through another vulnerability, allows an attacker to obtain and modify any patient's medical information.
415 CVE-2018-18978 798 +Info 2019-05-06 2020-08-24
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with retrieving any user's encrypted data from the Ascensia cloud through another vulnerability, allows an attacker to obtain and modify any patient's medical information.
416 CVE-2018-18929 798 2019-10-29 2019-11-05
4.0
None Remote Low ??? Partial None None
The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username and password can leverage it to gain administrator-level access on the system.
417 CVE-2018-18473 798 Exec Code 2019-03-21 2019-09-09
10.0
None Remote Low Not required Complete Complete Complete
A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allows attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system.
418 CVE-2018-18009 798 2018-12-21 2021-04-23
5.0
None Remote Low Not required Partial None None
dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials.
419 CVE-2018-18008 798 2018-12-21 2020-08-24
5.0
None Remote Low Not required Partial None None
spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.
420 CVE-2018-18007 798 2018-12-21 2021-04-23
5.0
None Remote Low Not required Partial None None
atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.
421 CVE-2018-18006 798 2018-12-14 2019-01-03
7.5
None Remote Low Not required Partial Partial Partial
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.
422 CVE-2018-17919 798 2018-10-10 2019-10-09
6.4
None Remote Low Not required Partial Partial None
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to log in to XMeye and access/view video streams.
423 CVE-2018-17896 798 Exec Code +Info 2018-10-12 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, all versions R4.10 and prior: the affected controllers utilize hard-coded credentials which may allow an attacker to gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
424 CVE-2018-17894 798 +Priv 2018-10-12 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
NUUO CMS, all versions 3.1 and prior: the application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access.
425 CVE-2018-17771 798 2020-09-09 2020-11-24
7.2
None Local Low Not required Complete Complete Complete
Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.
426 CVE-2018-17767 798 2020-09-09 2020-11-24
7.2
None Local Low Not required Complete Complete Complete
Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.
427 CVE-2018-17492 798 2019-03-21 2019-10-09
2.1
None Local Low Not required Partial None None
EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
428 CVE-2018-17217 798 2018-10-01 2018-11-15
5.0
None Remote Low Not required Partial None None
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key.
429 CVE-2018-16957 798 2018-09-18 2018-12-06
10.0
None Remote Low Not required Complete Complete Complete
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network could perform search queries to extract large quantities of sensitive information from the WCI installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.
430 CVE-2018-16546 798 2018-09-05 2019-10-03
4.3
None Remote Medium Not required Partial None None
Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206.
431 CVE-2018-16201 798 Exec Code 2019-01-09 2019-01-24
8.3
None Local Network Low Not required Complete Complete Complete
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier and Toshiba Home gateway HEM-GW26A 1.2.9 and earlier use hard-coded credentials, which may allow an attacker on the same network segment to log in to the administrator's settings screen and change the configuration or execute arbitrary OS commands.
432 CVE-2018-16186 798 2019-01-09 2019-02-04
8.3
None Local Network Low Not required Complete Complete Complete
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) use hard-coded credentials, which may allow an attacker on the same network segment to log in to the administrator's settings screen and change the configuration.
433 CVE-2018-16158 798 2018-08-30 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
434 CVE-2018-15808 798 Exec Code 2018-08-23 2018-10-26
10.0
None Remote Low Not required Complete Complete Complete
POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients.
435 CVE-2018-15781 798 2019-02-13 2019-10-09
7.9
None Local Network Medium Not required Complete Complete Complete
The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contains a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text.
436 CVE-2018-15753 798 2018-10-02 2018-11-25
5.0
None Remote Low Not required Partial None None
An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password.
437 CVE-2018-15720 798 2018-12-20 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.
438 CVE-2018-15491 798 2018-08-18 2019-10-03
5.0
None Remote Low Not required None Partial None
A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes).
439 CVE-2018-15439 798 Exec Code Bypass 2018-11-08 2020-08-28
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.
440 CVE-2018-15427 798 Exec Code 2018-10-05 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.
441 CVE-2018-15389 798 2018-10-05 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges.
442 CVE-2018-15360 798 2018-08-17 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An attacker without authentication can log in with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.
443 CVE-2018-14943 798 2018-08-05 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.
444 CVE-2018-14901 798 2018-08-30 2019-10-03
5.0
None Remote Low Not required Partial None None
The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services.
445 CVE-2018-14801 798 2018-08-22 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.
446 CVE-2018-14528 798 2019-07-05 2019-07-15
10.0
None Remote Low Not required Complete Complete Complete
Invoxia NVX220 devices allow TELNET access as admin with a default password.
447 CVE-2018-14324 798 +Info 2018-07-16 2019-05-20
10.0
None Remote Low Not required Complete Complete Complete
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product.
448 CVE-2018-13820 798 2018-08-30 2018-10-19
5.0
None Remote Low Not required Partial None None
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
449 CVE-2018-13819 798 2018-08-30 2018-10-19
5.0
None Remote Low Not required Partial None None
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
450 CVE-2018-13342 798 2018-10-24 2019-01-09
7.5
None Remote Low Not required Partial Partial Partial
The server API in the Anda app relies on hardcoded credentials.
Total number of vulnerabilities: 680. Page 9 of 14.