Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-05 | CVE-2023-36623 | Use of Hard-coded Credentials vulnerability in Loxone Miniserver GO GEN 2 Firmware 14.1.5.9 The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. | 7.8 |
| 2023-07-05 | CVE-2023-34338 | Use of Hard-coded Credentials vulnerability in AMI Megarac Sp-X 12/13 AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. | 9.8 |
| 2023-07-05 | CVE-2023-34473 | Use of Hard-coded Credentials vulnerability in AMI Megarac Sp-X 12/13 AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. | 8.8 |
| 2023-06-30 | CVE-2023-28387 | Use of Hard-coded Credentials vulnerability in Uzabase Newspicks 10.4.2/10.4.5 "NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service. | 5.5 |
| 2023-06-16 | CVE-2023-25187 | Use of Hard-coded Credentials vulnerability in Nokia Asika Airscale Firmware An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. | 7.0 |
| 2023-06-14 | CVE-2023-3237 | Use of Hard-coded Credentials vulnerability in Otcms A vulnerability classified as critical was found in OTCMS up to 6.62. | 9.8 |
| 2023-06-13 | CVE-2023-2637 | Use of Hard-coded Credentials vulnerability in Rockwellautomation products Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. | 8.2 |
| 2023-06-13 | CVE-2023-33920 | Use of Hard-coded Credentials vulnerability in Siemens Cpci85 Firmware A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). | 6.8 |
| 2023-06-02 | CVE-2023-2061 | Use of Hard-coded Credentials vulnerability in Mitsubishielectric products Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP. | 7.5 |
| 2023-06-01 | CVE-2023-33778 | Use of Hard-coded Credentials vulnerability in Draytek products Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. | 9.8 |