Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-03 | CVE-2023-37608 | Use of Hard-coded Credentials vulnerability in Automaticsystems SOC Fl9600 Firstlane Firmware 06 An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password. | 7.5 |
| 2023-12-28 | CVE-2023-49228 | Use of Hard-coded Credentials vulnerability in Peplink Balance TWO Firmware 8.1.0 An issue was discovered in Peplink Balance Two before 8.4.0. | 6.4 |
| 2023-12-27 | CVE-2023-46918 | Use of Hard-coded Credentials vulnerability in Fedirtsapana Simple Http Server Plus 1.8.1Plus Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. | 4.6 |
| 2023-12-27 | CVE-2023-46919 | Use of Hard-coded Credentials vulnerability in Fedirtsapana Simple Http Server and Simple Http Server Plus Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. | 6.3 |
| 2023-12-26 | CVE-2023-46711 | Use of Hard-coded Credentials vulnerability in Buffalo Vr-S1000 Firmware VR-S1000 firmware Ver. | 4.6 |
| 2023-12-25 | CVE-2023-40236 | Use of Hard-coded Credentials vulnerability in Pexip Virtual Meeting Rooms In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. | 5.3 |
| 2023-12-19 | CVE-2023-43870 | Use of Hard-coded Credentials vulnerability in Paxton-Access Net2 6.02/6.07 When installing the Net2 software a root certificate is installed into the trusted store. | 9.8 |
| 2023-12-15 | CVE-2023-48374 | Use of Hard-coded Credentials vulnerability in Csharp CWS Collaborative Development Platform 10.25 SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. | 6.5 |
| 2023-12-12 | CVE-2023-36647 | Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15 A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens. | 7.5 |
| 2023-12-12 | CVE-2023-36651 | Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15 Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | 7.2 |