Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2023-10-26 CVE-2018-17558 Use of Hard-coded Credentials vulnerability in Abus products
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.
network
low complexity
abus CWE-798
critical
9.8
2023-10-25 CVE-2023-26219 Use of Hard-coded Credentials vulnerability in Tibco products
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers.
network
low complexity
tibco CWE-798
8.8
2023-10-25 CVE-2023-31581 Use of Hard-coded Credentials vulnerability in Dromara Sureness
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.
network
low complexity
dromara CWE-798
critical
9.8
2023-10-25 CVE-2023-41372 Use of Hard-coded Credentials vulnerability in Boschrexroth products
The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair
local
low complexity
boschrexroth CWE-798
7.8
2023-10-25 CVE-2023-42492 Use of Hard-coded Credentials vulnerability in Busbaer Eisbaer Scada 3.0.6433.1964
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
network
low complexity
busbaer CWE-798
critical
9.8
2023-10-25 CVE-2023-46102 Use of Hard-coded Credentials vulnerability in Boschrexroth products
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet network of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself.
low complexity
boschrexroth CWE-798
8.8
2023-10-23 CVE-2022-22466 Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2023-10-17 CVE-2023-41713 Use of Hard-coded Credentials vulnerability in Sonicwall Sonicos
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
network
low complexity
sonicwall CWE-798
7.5
2023-10-16 CVE-2023-33836 Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2023-10-11 CVE-2023-45194 Use of Hard-coded Credentials vulnerability in MRL products
Use of default credentials vulnerability in MR-GM2 firmware Ver.
low complexity
mrl CWE-798
4.3