Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-01 | CVE-2023-28895 | Use of Hard-coded Credentials vulnerability in Preh Mib3 Firmware The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. | 6.8 |
| 2023-11-29 | CVE-2023-23324 | Use of Hard-coded Credentials vulnerability in Zumtobel Netlink CCD Firmware 3.80 Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. | 9.8 |
| 2023-11-28 | CVE-2023-29064 | Use of Hard-coded Credentials vulnerability in BD Facschorus The FACSChorus software contains sensitive information stored in plaintext. | 4.3 |
| 2023-11-22 | CVE-2023-47315 | Use of Hard-coded Credentials vulnerability in H-Mdm Headwind MDM 5.22.1 Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. | 8.8 |
| 2023-11-16 | CVE-2023-48053 | Use of Hard-coded Credentials vulnerability in Archerydms Archery 1.9.0 Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. | 7.5 |
| 2023-11-16 | CVE-2023-48055 | Use of Hard-coded Credentials vulnerability in Superagi 0.0.13 SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. | 7.5 |
| 2023-11-16 | CVE-2023-44296 | Use of Hard-coded Credentials vulnerability in Dell E-Lab Navigator 3.1.8/3.1.9 Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. | 5.5 |
| 2023-11-16 | CVE-2023-47213 | Use of Hard-coded Credentials vulnerability in C-First products First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. | 9.8 |
| 2023-11-10 | CVE-2023-47800 | Use of Hard-coded Credentials vulnerability in Natus Neuroworks EEG and Sleepworks Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services. | 9.8 |
| 2023-11-09 | CVE-2023-41137 | Use of Hard-coded Credentials vulnerability in Appsanywhere Client Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server. | 9.8 |