Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2022-08-18 CVE-2022-35540 Use of Hard-coded Credentials vulnerability in Dotnetcore Agileconfig
Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.
network
low complexity
dotnetcore CWE-798
critical
9.8
2022-08-17 CVE-2022-1400 Use of Hard-coded Credentials vulnerability in Device42 Cmdb
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges.
network
low complexity
device42 CWE-798
critical
9.8
2022-08-16 CVE-2022-35734 Use of Hard-coded Credentials vulnerability in Hjholdings Hulu 3.0.47
'Hulu / ????' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service.
network
low complexity
hjholdings CWE-798
7.5
2022-08-12 CVE-2021-44720 Use of Hard-coded Credentials vulnerability in multiple products
In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen.
network
low complexity
pulsesecure ivanti CWE-798
7.2
2022-08-10 CVE-2022-35491 Use of Hard-coded Credentials vulnerability in Totolink A3002Ru Firmware 3.0.0B20220304.1804
TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample.
network
low complexity
totolink CWE-798
critical
9.8
2022-08-05 CVE-2022-22144 Use of Hard-coded Credentials vulnerability in TCL Linkhub Mesh Wifi Ac1200 Ms1G0001.0014
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14.
network
low complexity
tcl CWE-798
critical
9.8
2022-08-04 CVE-2022-34993 Use of Hard-coded Credentials vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102
Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample.
network
low complexity
totolink CWE-798
critical
9.8
2022-07-28 CVE-2022-30314 Use of Hard-coded Credentials vulnerability in Honeywell Safety Manager Firmware
Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials.
low complexity
honeywell CWE-798
4.6
2022-07-28 CVE-2021-22644 Use of Hard-coded Credentials vulnerability in Ovarro products
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.
network
low complexity
ovarro CWE-798
critical
9.8
2022-07-27 CVE-2022-36952 Use of Hard-coded Credentials vulnerability in Veritas Netbackup
In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem.
network
low complexity
veritas CWE-798
critical
9.8