Total
1388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2556 | 2025-03-20 | 3.3 LOW | 4.3 MEDIUM | ||
| A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professional. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers. | |||||
| CVE-2024-38466 | 1 Guoxinled | 1 Synthesis Image System | 2025-03-19 | N/A | 9.8 CRITICAL |
| Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password. | |||||
| CVE-2024-48126 | 2025-03-18 | N/A | 9.8 CRITICAL | ||
| HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access. | |||||
| CVE-2025-26410 | 2025-03-18 | N/A | 9.8 CRITICAL | ||
| The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. The backdoor user has been removed in firmware BSP >= 6.4.1. | |||||
| CVE-2024-57790 | 2025-03-17 | N/A | 5.4 MEDIUM | ||
| IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH. | |||||
| CVE-2024-42638 | 1 H3c | 2 Magic B1st, Magic B1st Firmware | 2025-03-17 | N/A | 9.8 CRITICAL |
| H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | |||||
| CVE-2019-17659 | 2025-03-17 | N/A | 3.7 LOW | ||
| A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image. | |||||
| CVE-2025-1724 | 2025-03-17 | N/A | 7.4 HIGH | ||
| Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token. | |||||
| CVE-2025-2343 | 2025-03-16 | 6.8 MEDIUM | 7.5 HIGH | ||
| A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2342 | 2025-03-16 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2322 | 2025-03-15 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-46637 | 1 Prolink2u | 2 Prs1841, Prs1841 Firmware | 2025-03-14 | N/A | 9.8 CRITICAL |
| Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services. | |||||
| CVE-2024-0390 | 1 Inprax | 1 Izzi Connect | 2025-03-13 | N/A | 9.8 CRITICAL |
| INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit "reQnet iZZi".This issue affects "iZZi connect" application versions before 2024010401. | |||||
| CVE-2024-33895 | 1 Hms-networks | 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more | 2025-03-13 | N/A | 6.6 MEDIUM |
| Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device. | |||||
| CVE-2024-33329 | 2025-03-13 | N/A | 7.5 HIGH | ||
| A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information. | |||||
| CVE-2024-48007 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-03-13 | N/A | 5.3 MEDIUM |
| Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data. | |||||
| CVE-2024-3130 | 2025-03-12 | N/A | 5.7 MEDIUM | ||
| Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app | |||||
| CVE-2025-27255 | 2025-03-12 | N/A | 8.0 HIGH | ||
| Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code. | |||||
| CVE-2024-27774 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 7.5 HIGH |
| Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware | |||||
| CVE-2025-1393 | 2025-03-05 | N/A | 9.8 CRITICAL | ||
| An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product. | |||||