Total
1479 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51547 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2025-05-23 | 9.8 Critical |
| Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2025-30113 | 1 Hella | 2 Dr 820, Dr 820 Firmware | 2025-05-22 | 9.8 Critical |
| An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These credentials, stored in cleartext, can be exploited by an attacker who gains access to the dashcam's network. | ||||
| CVE-2024-23687 | 1 Openlibraryfoundation | 1 Mod-data-export-spring | 2025-05-22 | 9.1 Critical |
| Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines. | ||||
| CVE-2019-13543 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2025-05-22 | 5.8 Medium |
| Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. | ||||
| CVE-2018-8870 | 1 Medtronic | 4 24950 Mycarelink Monitor, 24950 Mycarelink Monitor Firmware, 24952 Mycarelink Monitor and 1 more | 2025-05-22 | 6.4 Medium |
| Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. | ||||
| CVE-2024-22770 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2025-05-22 | 7.4 High |
| Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | ||||
| CVE-2025-48413 | 2025-05-21 | 7.7 High | ||
| The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to log into the device. Authentication can be performed via SSH backdoor or likely via physical access (UART shell). | ||||
| CVE-2025-48414 | 2025-05-21 | 6.5 Medium | ||
| There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provides an additional attack surface. | ||||
| CVE-2022-36159 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2025-05-21 | 8.8 High |
| Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware. | ||||
| CVE-2022-22522 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2025-05-21 | 9.8 Critical |
| In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device. | ||||
| CVE-2025-45746 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-05-21 | 6.5 Medium |
| In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform. | ||||
| CVE-2022-28812 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2025-05-20 | 9.8 Critical |
| In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device. | ||||
| CVE-2022-34462 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 8.4 High |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | ||||
| CVE-2022-34441 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 8 High |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | ||||
| CVE-2022-34440 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 8.4 High |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | ||||
| CVE-2022-34442 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 8 High |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | ||||
| CVE-2023-32145 | 2 D-link, Dlink | 5 Dap-1360, Dap-1360, Dap-1360 Firmware and 2 more | 2025-05-16 | 8.8 High |
| D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-18455. | ||||
| CVE-2023-38995 | 1 Schuhfried | 1 Schuhfried | 2025-05-15 | 9.8 Critical |
| An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command. | ||||
| CVE-2022-41540 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2025-05-15 | 5.9 Medium |
| The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information. | ||||
| CVE-2023-35724 | 1 Dlink | 2 Dap-2622, Dap-2622 Firmware | 2025-05-13 | 8.8 High |
| D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The server program contains hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20050. | ||||