Total
1480 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27107 | 2024-11-21 | 9.6 Critical | ||
| Weak account password in GE HealthCare EchoPAC products | ||||
| CVE-2024-23842 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-11-21 | 7.4 High |
| Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | ||||
| CVE-2024-22813 | 2024-11-21 | 4.4 Medium | ||
| An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller. | ||||
| CVE-2024-22772 | 2 Hitron Systems, Hitronsystems | 3 Dvr Hvr-4781, Dvr Hvr-4781 Firmware, Dvr Lguvr-8h | 2024-11-21 | 7.4 High |
| Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | ||||
| CVE-2024-22771 | 2 Hitron Systems, Hitronsystems | 3 Dvr Hvr-4781, Dvr Hvr-4781 Firmware, Dvr Lguvr-4h Firmware | 2024-11-21 | 7.4 High |
| Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | ||||
| CVE-2024-21764 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | 9.8 Critical |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | ||||
| CVE-2024-1661 | 1 Totolink | 1 X6000r Firmware | 2024-11-21 | 2.5 Low |
| A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1228 | 1 Eurosoft | 1 Przychodnia | 2024-11-21 | 9.8 Critical |
| Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed). | ||||
| CVE-2024-0865 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-11-21 | 7.8 High |
| CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. | ||||
| CVE-2023-6482 | 1 Synaptics | 1 Fingerprint Driver | 2024-11-21 | 5.2 Medium |
| Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | ||||
| CVE-2023-6198 | 2024-11-21 | 9.3 Critical | ||
| Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device. | ||||
| CVE-2023-5318 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. | ||||
| CVE-2023-5074 | 1 Dlink | 1 D-view 8 | 2024-11-21 | 9.8 Critical |
| Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 | ||||
| CVE-2023-52723 | 1 Kde | 1 Libksieve | 2024-11-21 | 7.1 High |
| In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value. | ||||
| CVE-2023-50124 | 1 Flient | 2 Smart Lock Advanced, Smart Lock Advanced Firmware | 2024-11-21 | 6.8 Medium |
| Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner. | ||||
| CVE-2023-4204 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-11-21 | 5.4 Medium |
| NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. | ||||
| CVE-2023-49224 | 2024-11-21 | 8.0 High | ||
| Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges. | ||||
| CVE-2023-49223 | 2024-11-21 | 8.8 High | ||
| Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information. | ||||
| CVE-2023-49222 | 2024-11-21 | 8.8 High | ||
| Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges. | ||||
| CVE-2023-49221 | 2024-11-21 | 7.8 High | ||
| Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code. | ||||