Total
1388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36614 | 1 Totolink | 2 A860r, A860r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36613 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36612 | 1 Totolink | 2 A950rg, A950rg Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36611 | 1 Totolink | 2 A800r, A800r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36610 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36560 | 1 Seiko-sol | 2 Skybridge Mb-a200, Skybridge Mb-a200 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh. | |||||
| CVE-2022-36558 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg. | |||||
| CVE-2022-36171 | 1 Mapgis | 1 Mapgis Igserver | 2024-11-21 | N/A | 8.1 HIGH |
| MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. | |||||
| CVE-2022-36170 | 1 Mapgis | 1 Igserver | 2024-11-21 | N/A | 8.8 HIGH |
| MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. | |||||
| CVE-2022-36159 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2024-11-21 | N/A | 8.8 HIGH |
| Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware. | |||||
| CVE-2022-35866 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2024-11-21 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139. | |||||
| CVE-2022-35857 | 1 Kvf-admin Project | 1 Kvf-admin | 2024-11-21 | N/A | 9.8 CRITICAL |
| kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file. | |||||
| CVE-2022-35734 | 1 Hjholdings | 1 Hulu | 2024-11-21 | N/A | 7.5 HIGH |
| 'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | |||||
| CVE-2022-35582 | 1 Pentasecurity | 1 Wapples | 2024-11-21 | N/A | 8.8 HIGH |
| Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control. | |||||
| CVE-2022-35540 | 1 Dotnetcore | 1 Agileconfig | 2024-11-21 | N/A | 9.8 CRITICAL |
| Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. | |||||
| CVE-2022-35491 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. | |||||
| CVE-2022-35413 | 1 Pentasecurity | 1 Wapples | 2024-11-21 | N/A | 9.8 CRITICAL |
| WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001. | |||||
| CVE-2022-35287 | 1 Ibm | 1 Security Verify Information Queue | 2024-11-21 | N/A | 7.5 HIGH |
| IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817. | |||||
| CVE-2022-34993 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample. | |||||
| CVE-2022-34907 | 1 Filewave | 1 Filewave | 2024-11-21 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform. | |||||