Total
1559 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5471 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-11-21 | 8.8 High |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. | ||||
| CVE-2024-4844 | 2024-11-21 | 7.5 High | ||
| Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on. | ||||
| CVE-2024-4708 | 1 Myscada | 1 Mypro | 2024-11-21 | 9.8 Critical |
| mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. | ||||
| CVE-2024-45275 | 3 Helmholz, Mb Connect Line, Mbconnectline | 5 Rex 100, Rex 100 Firmware, Mbnet.mini and 2 more | 2024-11-21 | 9.8 Critical |
| The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. | ||||
| CVE-2024-41689 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-11-21 | 4.6 Medium |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WPA/ WPS credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to bypass WPA/ WPS and gain access to the Wi-Fi network of the targeted system. | ||||
| CVE-2024-3408 | 2 Man, Man-group | 2 D-tale, Dtale | 2024-11-21 | 9.8 Critical |
| man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server. | ||||
| CVE-2024-39374 | 1 Markoni | 4 Markoni-d \(compact\), Markoni-d \(compact\) Firmware, Markoni-dh \(exciter\+amplifiers\) and 1 more | 2024-11-21 | 9.8 Critical |
| TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded credentials. | ||||
| CVE-2024-39208 | 1 Luciapplucky | 1 Luci-app-lucky | 2024-11-21 | 9.8 Critical |
| luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials. | ||||
| CVE-2024-38480 | 2024-11-21 | 4 Medium | ||
| "Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability. | ||||
| CVE-2024-38281 | 1 Motorola | 2 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware | 2024-11-21 | 9.8 Critical |
| An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. | ||||
| CVE-2024-36480 | 1 Ricoh | 1 Streamline Nx Pc Client | 2024-11-21 | 9.8 Critical |
| Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC. | ||||
| CVE-2024-35338 | 1 Tendacn | 2 I29, I29 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. | ||||
| CVE-2024-32988 | 2024-11-21 | 7.5 High | ||
| 'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered. | ||||
| CVE-2024-2161 | 2024-11-21 | 9.8 Critical | ||
| Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 . | ||||
| CVE-2024-28747 | 1 Ifm | 2 Smart Plc Ac14xx Firmware, Smart Plc Ac4xxs Firmware | 2024-11-21 | 9.8 Critical |
| An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges. | ||||
| CVE-2024-27107 | 2024-11-21 | 9.6 Critical | ||
| Weak account password in GE HealthCare EchoPAC products | ||||
| CVE-2024-22772 | 2 Hitron Systems, Hitronsystems | 3 Dvr Hvr-4781, Dvr Hvr-4781 Firmware, Dvr Lguvr-8h | 2024-11-21 | 7.4 High |
| Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | ||||
| CVE-2024-22771 | 2 Hitron Systems, Hitronsystems | 3 Dvr Hvr-4781, Dvr Hvr-4781 Firmware, Dvr Lguvr-4h Firmware | 2024-11-21 | 7.4 High |
| Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | ||||
| CVE-2024-21764 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | 9.8 Critical |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | ||||
| CVE-2024-1661 | 1 Totolink | 1 X6000r Firmware | 2024-11-21 | 2.5 Low |
| A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||