Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2023-09-18 CVE-2023-42328 Use of Hard-coded Credentials vulnerability in Peppermint
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.
network
low complexity
peppermint CWE-798
8.8
2023-09-16 CVE-2023-42336 Use of Hard-coded Credentials vulnerability in Netis-Systems Wf2409E Firmware 1.0.1.705
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.
network
low complexity
netis-systems CWE-798
critical
9.8
2023-09-14 CVE-2023-37755 Use of Hard-coded Credentials vulnerability in I-Doit
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name.
network
low complexity
i-doit CWE-798
critical
9.8
2023-09-13 CVE-2023-40717 Use of Hard-coded Credentials vulnerability in Fortinet Fortitester
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.
local
low complexity
fortinet CWE-798
7.8
2023-09-12 CVE-2023-27169 Use of Hard-coded Credentials vulnerability in Xpand-It Write-Back Manager 2.3.1
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation.
network
low complexity
xpand-it CWE-798
6.5
2023-09-06 CVE-2023-32619 Use of Hard-coded Credentials vulnerability in Tp-Link Archer C50 V3 Firmware and Archer C55 Firmware
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.
low complexity
tp-link CWE-798
8.8
2023-09-05 CVE-2023-41508 Use of Hard-coded Credentials vulnerability in Superstorefinder Super Store Finder 3.6
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.
network
low complexity
superstorefinder CWE-798
critical
9.8
2023-09-02 CVE-2023-39982 Use of Hard-coded Credentials vulnerability in Moxa Mxsecurity 1.0/1.0.1
A vulnerability has been identified in MXsecurity versions prior to v1.0.1.
network
high complexity
moxa CWE-798
5.9
2023-08-31 CVE-2023-31173 Use of Hard-coded Credentials vulnerability in Selinc Sel-5037 SEL Grid Configurator
Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
local
low complexity
selinc CWE-798
8.4
2023-08-29 CVE-2023-23770 Use of Hard-coded Credentials vulnerability in Motorola Mbts Site Controller Firmware R05.32.58
Motorola MBTS Site Controller accepts hard-coded backdoor password.
network
low complexity
motorola CWE-798
critical
9.8