Total
1388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11380 | 1 Trendmicro | 1 Deep Discovery Director | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | |||||
| CVE-2017-14374 | 1 Dell | 1 Storage Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance). | |||||
| CVE-2017-6054 | 1 Hyundaiusa | 1 Blue Link | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information. | |||||
| CVE-2017-6131 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 6 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. | |||||
| CVE-2022-37832 | 1 Mutiny | 1 Mutiny | 2025-04-18 | N/A | 9.8 CRITICAL |
| Mutiny 7.2.0-10788 suffers from Hardcoded root password. | |||||
| CVE-2021-22644 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | N/A | 7.5 HIGH |
| Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. | |||||
| CVE-2022-36222 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2025-04-16 | N/A | 8.4 HIGH |
| Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. | |||||
| CVE-2024-22083 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | N/A | 6.5 MEDIUM |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks. | |||||
| CVE-2025-27643 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006. | |||||
| CVE-2023-41612 | 1 Govicture | 2 Pc420, Pc420 Firmware | 2025-04-14 | N/A | 8.8 HIGH |
| Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card. | |||||
| CVE-2023-41611 | 1 Govicture | 2 Pc420, Pc420 Firmware | 2025-04-14 | N/A | 6.5 MEDIUM |
| Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data. | |||||
| CVE-2023-41610 | 1 Govicture | 2 Pc420, Pc420 Firmware | 2025-04-14 | N/A | 8.8 HIGH |
| Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext. | |||||
| CVE-2022-45425 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2025-04-14 | N/A | 7.5 HIGH |
| Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability. | |||||
| CVE-2016-3685 | 3 Apple, Microsoft, Sap | 3 Macos, Windows, Download Manager | 2025-04-12 | 1.9 LOW | 4.7 MEDIUM |
| SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338. | |||||
| CVE-2016-5333 | 1 Vmware | 1 Photon Os | 2025-04-12 | 9.3 HIGH | 9.8 CRITICAL |
| VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | |||||
| CVE-2016-2310 | 1 Ge | 8 Multilink Firmware, Multilink Ml1200, Multilink Ml1600 and 5 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. | |||||
| CVE-2016-5081 | 1 Zmodo | 2 Zp-ibh-13w, Zp-ne-14-s | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session. | |||||
| CVE-2016-7560 | 1 Fortinet | 1 Fortiwlc | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||
| CVE-2016-10115 | 1 Netgear | 8 Arlo Base Station Firmware, Arlo Q Camera Firmware, Arlo Q Plus Camera Firmware and 5 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration. | |||||
| CVE-2016-5678 | 1 Nuuo | 2 Nvrmini 2, Nvrsolo | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | |||||