Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2022-10-18 CVE-2022-41540 Use of Hard-coded Credentials vulnerability in Tp-Link Ax10 Firmware V1211117
The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router.
network
high complexity
tp-link CWE-798
5.9
2022-10-17 CVE-2022-42980 Use of Hard-coded Credentials vulnerability in Go-Admin 2.0.12
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
network
low complexity
go-admin CWE-798
critical
9.8
2022-10-10 CVE-2022-34425 Use of Hard-coded Credentials vulnerability in Dell Enterprise Sonic Distribution 4.0.0/4.0.1
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH.
network
low complexity
dell CWE-798
7.5
2022-09-30 CVE-2022-20844 Use of Hard-coded Credentials vulnerability in Cisco Sd-Wan
A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination.
network
low complexity
cisco CWE-798
5.3
2022-09-29 CVE-2020-15326 Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.
network
low complexity
zyxel CWE-798
5.3
2022-09-29 CVE-2020-15327 Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
network
low complexity
zyxel CWE-798
7.5
2022-09-26 CVE-2022-36159 Use of Hard-coded Credentials vulnerability in Contec products
Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow.
low complexity
contec CWE-798
8.8
2022-09-16 CVE-2022-38823 Use of Hard-coded Credentials vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample.
network
low complexity
totolink CWE-798
critical
9.8
2022-09-13 CVE-2022-31322 Use of Hard-coded Credentials vulnerability in Pentasecurity Wapples 5.0.12.0/6.0.0/V6.0.R3.4.10
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables.
local
low complexity
pentasecurity CWE-798
7.8
2022-09-13 CVE-2022-35413 Use of Hard-coded Credentials vulnerability in Pentasecurity Wapples
WAPPLES through 6.0 has a hardcoded systemi account.
network
low complexity
pentasecurity CWE-798
critical
9.8