Vulnerabilities > Use of Hard-coded Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-10 | CVE-2023-30801 | Use of Hard-coded Credentials vulnerability in Qbittorrent All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. | 9.8 |
2023-10-04 | CVE-2023-20101 | Use of Hard-coded Credentials vulnerability in Cisco Emergency Responder 12.5(1)Su4 A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. | 9.8 |
2023-10-03 | CVE-2022-47891 | Use of Hard-coded Credentials vulnerability in Riello-Ups Netman 204 Firmware All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function. | 8.8 |
2023-09-30 | CVE-2023-5318 | Use of Hard-coded Credentials vulnerability in Microweber Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. | 7.5 |
2023-09-21 | CVE-2023-43637 | Use of Hard-coded Credentials vulnerability in Lfedge EVE Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will always return "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32byte randomly generated key with this key (by takeing 16bytes from each, see "mergeKeys"). This makes the key a lot weaker. This issue does not persist in devices that were initialized on/after version 7.10, but devices that were initialized before that and updated to a newer version still have this issue. Roll an update that enforces the full 32bytes key usage. | 7.8 |
2023-09-20 | CVE-2023-5074 | Use of Hard-coded Credentials vulnerability in Dlink D-View 8 2.0.1.28 Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 | 9.8 |
2023-09-19 | CVE-2023-31808 | Use of Hard-coded Credentials vulnerability in Technicolor Tg670 Firmware 10.5.N.9 Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. | 7.2 |
2023-09-19 | CVE-2022-47558 | Use of Hard-coded Credentials vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. | 9.8 |
2023-09-18 | CVE-2023-41030 | Use of Hard-coded Credentials vulnerability in Juplink Rx4-1500 Firmware Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. | 9.8 |
2023-09-18 | CVE-2023-41595 | Use of Hard-coded Credentials vulnerability in Vaxilu X-Ui 1.8.3 An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password. | 7.5 |