Total
134 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7564 | 1 Lb-link | 2 Bl-ac3600, Bl-ac3600 Firmware | 2025-07-17 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-7453 | 2025-07-15 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use of hard-coded password. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7577 | 2025-07-15 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been classified as problematic. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-48831 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | N/A | 8.4 HIGH |
| Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | |||||
| CVE-2025-6932 | 1 Dlink | 2 Dcs-7517, Dcs-7517 Firmware | 2025-07-14 | 2.6 LOW | 3.7 LOW |
| A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-3920 | 2025-07-08 | N/A | N/A | ||
| A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extract these credentials, potentially leading to a complete compromise of the application's administrative functions. This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software. | |||||
| CVE-2025-7079 | 2025-07-08 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plus leads to use of hard-coded password. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7080 | 2025-07-08 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret with the input jank-blog-secret/jank-blog-refresh-secret leads to use of hard-coded password. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2012-5862 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2025-07-08 | 10.0 HIGH | N/A |
| These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access. | |||||
| CVE-2025-47821 | 2025-06-30 | N/A | 2.2 LOW | ||
| Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system. | |||||
| CVE-2025-47818 | 2025-06-30 | N/A | 2.2 LOW | ||
| Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection. | |||||
| CVE-2025-47823 | 2025-06-30 | N/A | 2.2 LOW | ||
| Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system. | |||||
| CVE-2025-6139 | 1 Totolink | 2 T10, T10 Firmware | 2025-06-26 | 3.7 LOW | 3.9 LOW |
| A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-25984 | 1 Macro-video | 2 V380e6 C1, V380e6 C1 Firmware | 2025-06-25 | N/A | 6.8 MEDIUM |
| An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via UART component. | |||||
| CVE-2025-47748 | 1 Netwrix | 1 Directory Manager | 2025-06-19 | N/A | 5.3 MEDIUM |
| Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password. | |||||
| CVE-2024-28066 | 1 Mitel | 28 6905, 6905 Firmware, 6910 and 25 more | 2025-06-18 | N/A | 8.8 HIGH |
| In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). | |||||
| CVE-2024-36526 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | N/A | 9.8 CRITICAL |
| ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. | |||||
| CVE-2025-20286 | 2025-06-05 | N/A | 9.9 CRITICAL | ||
| A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected. | |||||
| CVE-2025-5379 | 2025-06-02 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. This vulnerability affects unknown code of the component Console Application. The manipulation of the argument CMCCAdmin/useradmin/CUAdmin leads to hard-coded credentials. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-46328 | 1 Vonets | 2 Vap11g-300, Vap11g-300 Firmware | 2025-05-29 | N/A | 8.0 HIGH |
| VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root. | |||||