Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2022-09-13 CVE-2022-35582 Use of Hard-coded Credentials vulnerability in Pentasecurity Wapples 4.0.0/5.0.0.0/5.0.12.0
Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control.
network
low complexity
pentasecurity CWE-798
8.8
2022-09-13 CVE-2022-38069 Use of Hard-coded Credentials vulnerability in Contechealth Cms8000 Firmware
Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device.
low complexity
contechealth CWE-798
6.1
2022-09-08 CVE-2022-38394 Use of Hard-coded Credentials vulnerability in Allied-Telesis Centrecom Ar260S Firmware
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command.
network
low complexity
allied-telesis CWE-798
critical
9.8
2022-09-06 CVE-2022-37841 Use of Hard-coded Credentials vulnerability in Totolink A860R Firmware 4.1.2Cu.5182B20201027
In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample.
network
low complexity
totolink CWE-798
7.5
2022-09-06 CVE-2022-40111 Use of Hard-coded Credentials vulnerability in Totolink A3002R Firmware 1.1.1B20200824.0128
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware.
network
low complexity
totolink CWE-798
critical
9.8
2022-09-01 CVE-2022-36672 Use of Hard-coded Credentials vulnerability in Xxyopen Novel-Plus 3.6.2
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file.
network
low complexity
xxyopen CWE-798
critical
9.8
2022-08-31 CVE-2022-30318 Use of Hard-coded Credentials vulnerability in Honeywell Controledge PLC Firmware and Controledge RTU Firmware
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials.
network
low complexity
honeywell CWE-798
critical
9.8
2022-08-29 CVE-2022-36558 Use of Hard-coded Credentials vulnerability in Seiko-Sol products
Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account.
network
low complexity
seiko-sol CWE-798
critical
9.8
2022-08-29 CVE-2022-36560 Use of Hard-coded Credentials vulnerability in Seiko-Sol Skybridge Mb-A200 Firmware 01.00.04
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root.
network
low complexity
seiko-sol CWE-798
critical
9.8
2022-08-29 CVE-2022-36610 Use of Hard-coded Credentials vulnerability in Totolink A720R Firmware 4.1.5Cu.532B20210610
TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
local
low complexity
totolink CWE-798
7.8