Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-25 | CVE-2022-34907 | Use of Hard-coded Credentials vulnerability in Filewave 14.7.0 An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. | 9.8 |
| 2022-07-25 | CVE-2022-35287 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2022-07-20 | CVE-2022-26138 | Use of Hard-coded Credentials vulnerability in Atlassian Questions for Confluence 2.7.34/2.7.35/3.0.2 The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. | 9.8 |
| 2022-07-20 | CVE-2022-34045 | Use of Hard-coded Credentials vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116 Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. | 9.8 |
| 2022-07-20 | CVE-2022-2107 | Use of Hard-coded Credentials vulnerability in Micodus Mv720 Firmware The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. | 9.8 |
| 2022-07-20 | CVE-2022-24657 | Use of Hard-coded Credentials vulnerability in Goldshell Miner Firmware Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22). | 9.8 |
| 2022-07-19 | CVE-2022-29060 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiddos A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device. | 8.1 |
| 2022-07-18 | CVE-2022-30627 | Use of Hard-coded Credentials vulnerability in Chcnav P5E Gnss Firmware This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. | 7.5 |
| 2022-07-17 | CVE-2022-31210 | Use of Hard-coded Credentials vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. | 9.8 |
| 2022-07-17 | CVE-2022-32985 | Use of Hard-coded Credentials vulnerability in Nexans products libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201. | 9.8 |