CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-798

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-43575 798 2021-11-09 2021-11-15
2.1
None Local Low Not required Partial None None
** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported.
2 CVE-2021-41828 798 2021-09-30 2021-10-05
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.
3 CVE-2021-41827 798 2021-09-30 2021-10-05
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.
4 CVE-2021-41320 798 2021-10-15 2021-10-21
2.1
None Local Low Not required Partial None None
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user.
5 CVE-2021-41299 798 2021-09-30 2021-10-07
10.0
None Remote Low Not required Complete Complete Complete
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.
6 CVE-2021-40519 798 2021-11-10 2021-11-12
6.4
None Remote Low Not required Partial Partial None
Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.
7 CVE-2021-40494 798 2021-09-03 2021-09-10
10.0
None Remote Low Not required Complete Complete Complete
A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system.
8 CVE-2021-40119 798 2021-11-04 2021-11-12
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.
9 CVE-2021-39615 798 2021-08-23 2021-08-30
10.0
None Remote Low Not required Complete Complete Complete
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
10 CVE-2021-39614 798 2021-08-23 2021-08-30
5.0
None Remote Low Not required Partial None None
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values.
11 CVE-2021-39613 798 2021-08-23 2021-08-30
5.0
None Remote Low Not required Partial None None
** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
12 CVE-2021-39245 798 2021-08-23 2021-08-26
5.0
None Remote Low Not required Partial None None
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0.
13 CVE-2021-38456 798 2021-10-12 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords
14 CVE-2021-37555 798 2021-07-26 2021-08-09
10.0
None Remote Low Not required Complete Complete Complete
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
15 CVE-2021-37163 798 2021-08-02 2021-08-10
7.5
None Remote Low Not required Partial Partial Partial
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded.
16 CVE-2021-36799 798 2021-07-19 2021-11-17
2.1
None Local Low Not required Partial None None
** UNSUPPORTED WHEN ASSIGNED ** KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
17 CVE-2021-36234 798 2021-08-31 2021-09-08
2.1
None Local Low Not required Partial None None
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.
18 CVE-2021-35961 798 2021-07-16 2021-08-02
10.0
None Remote Low Not required Complete Complete Complete
Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.
19 CVE-2021-34812 798 +Info 2021-06-18 2021-06-24
5.0
None Remote Low Not required Partial None None
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.
20 CVE-2021-34795 798 2021-11-04 2021-11-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.
21 CVE-2021-34571 798 2021-09-16 2021-09-28
2.9
None Local Network Medium Not required Partial None None
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.
22 CVE-2021-34565 798 2021-08-31 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
23 CVE-2021-33583 798 2021-09-30 2021-10-12
10.0
None Remote Low Not required Complete Complete Complete
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.
24 CVE-2021-33540 798 2021-06-25 2021-07-02
7.5
None Remote Low Not required Partial Partial Partial
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.
25 CVE-2021-33531 798 2021-06-25 2021-07-27
9.0
None Remote Low ??? Complete Complete Complete
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability.
26 CVE-2021-33529 798 2021-06-25 2021-07-27
5.0
None Remote Low Not required Partial None None
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device.
27 CVE-2021-33484 798 2021-09-07 2021-09-13
5.0
None Remote Low Not required Partial None None
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user's ID and username. These values can be used as part of the comment posting request in order to spoof the user.
28 CVE-2021-33220 798 2021-07-07 2021-07-09
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.
29 CVE-2021-33219 798 2021-07-07 2021-07-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
30 CVE-2021-33218 798 2021-07-07 2021-07-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.
31 CVE-2021-32588 798 Exec Code 2021-08-18 2021-08-26
10.0
None Remote Low Not required Complete Complete Complete
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.
32 CVE-2021-32535 798 Exec Code 2021-07-07 2021-09-20
7.5
None Remote Low Not required Partial Partial Partial
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.
33 CVE-2021-32521 798 2021-07-07 2021-09-21
7.5
None Remote Low Not required Partial Partial Partial
Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
34 CVE-2021-32459 798 Exec Code 2021-05-27 2021-06-07
5.5
None Remote Low ??? Partial Partial None
Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability.
35 CVE-2021-32454 798 2021-05-17 2021-05-25
5.8
None Local Network Low Not required Partial Partial Partial
SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access.
36 CVE-2021-31579 798 2021-07-22 2021-08-09
5.0
None Remote Low Not required Partial None None
Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
37 CVE-2021-31505 798 Exec Code 2021-06-29 2021-07-07
7.2
None Local Low Not required Complete Complete Complete
This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where hard-coded credentials are accepted for SSH authentication. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-12890.
38 CVE-2021-31477 798 Exec Code 2021-06-16 2021-06-24
7.5
None Remote Low Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852.
39 CVE-2021-30165 798 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices.
40 CVE-2021-29728 798 2021-08-30 2021-09-02
4.0
None Remote Low ??? Partial None None
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160.
41 CVE-2021-29691 798 2021-05-20 2021-05-24
5.0
None Remote Low Not required Partial None None
IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252.
42 CVE-2021-28912 798 2021-09-09 2021-09-20
9.0
None Remote Low ??? Complete Complete Complete
BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key passphrase known as 'eibPort string'. This is usable and the final part of an attack chain to gain SSH root access.
43 CVE-2021-28152 798 2021-05-06 2021-05-13
7.5
None Remote Low Not required Partial Partial Partial
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.
44 CVE-2021-28123 798 2021-04-02 2021-04-07
7.5
None Remote Low Not required Partial Partial Partial
Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version.
45 CVE-2021-28111 798 Exec Code 2021-05-20 2021-05-25
6.5
None Remote Low ??? Partial Partial Partial
Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker.
46 CVE-2021-27952 798 2021-08-03 2021-08-12
5.0
None Remote Low Not required Partial None None
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console.
47 CVE-2021-27503 798 2021-08-02 2021-08-11
5.8
None Remote Medium Not required Partial Partial None
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on hard-coded secrets, which allows man-in-the-middle attackers to tamper with messages.
48 CVE-2021-27481 798 2021-06-16 2021-06-22
2.1
None Local Low Not required Partial None None
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information.
49 CVE-2021-27452 798 2021-03-25 2021-03-29
10.0
None Remote Low Not required Complete Complete Complete
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).
50 CVE-2021-27440 798 2021-03-25 2021-03-30
7.5
None Remote Low Not required Partial Partial Partial
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
Total number of vulnerabilities : 680   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.