Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-21 | CVE-2022-30036 | Use of Hard-coded Credentials vulnerability in Malighting Grandma2 Light Firmware MA Lighting grandMA2 Light has a password of root for the root account. | 8.8 |
| 2022-08-19 | CVE-2022-36171 | Use of Hard-coded Credentials vulnerability in Mapgis Igserver 10.5.6.11 MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. | 8.1 |
| 2022-08-19 | CVE-2022-36170 | Use of Hard-coded Credentials vulnerability in Mapgis Igserver 10.5 MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. | 8.8 |
| 2022-08-18 | CVE-2022-35540 | Use of Hard-coded Credentials vulnerability in Dotnetcore Agileconfig Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. | 9.8 |
| 2022-08-17 | CVE-2022-1400 | Use of Hard-coded Credentials vulnerability in Device42 Cmdb Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. | 9.8 |
| 2022-08-16 | CVE-2022-35734 | Use of Hard-coded Credentials vulnerability in Hjholdings Hulu 3.0.47 'Hulu / ????' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. | 7.5 |
| 2022-08-12 | CVE-2021-44720 | Use of Hard-coded Credentials vulnerability in multiple products In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. | 7.2 |
| 2022-08-10 | CVE-2022-35491 | Use of Hard-coded Credentials vulnerability in Totolink A3002Ru Firmware 3.0.0B20220304.1804 TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. | 9.8 |
| 2022-08-05 | CVE-2022-22144 | Use of Hard-coded Credentials vulnerability in TCL Linkhub Mesh Wifi Ac1200 Ms1G0001.0014 A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. | 9.8 |
| 2022-08-04 | CVE-2022-34993 | Use of Hard-coded Credentials vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102 Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample. | 9.8 |