Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-14 | CVE-2023-3262 | Use of Hard-coded Credentials vulnerability in Dataprobe products The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records. | 6.7 |
| 2023-08-11 | CVE-2023-22956 | Use of Hard-coded Credentials vulnerability in Audiocodes products An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. | 7.5 |
| 2023-08-11 | CVE-2023-22957 | Use of Hard-coded Credentials vulnerability in Audiocodes products An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. | 7.5 |
| 2023-08-11 | CVE-2022-44612 | Use of Hard-coded Credentials vulnerability in Intel Unison Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access. | 5.5 |
| 2023-08-09 | CVE-2023-37857 | Use of Hard-coded Credentials vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. | 7.2 |
| 2023-08-08 | CVE-2023-21652 | Use of Hard-coded Credentials vulnerability in Qualcomm products Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. | 7.1 |
| 2023-08-04 | CVE-2023-33372 | Use of Hard-coded Credentials vulnerability in Connectedio Connected IO Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. | 9.8 |
| 2023-08-03 | CVE-2023-33371 | Use of Hard-coded Credentials vulnerability in Assaabloy Control ID Idsecure Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | 9.8 |
| 2023-07-30 | CVE-2023-32227 | Use of Hard-coded Credentials vulnerability in Synel Synergy/A Firmware Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials | 9.8 |
| 2023-07-30 | CVE-2023-37215 | Use of Hard-coded Credentials vulnerability in JBL BAR 5.1 Surround Firmware JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials | 9.8 |