Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hard-coded vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-6530
Dentsply Sirona (formerly Schick) CDR Dicom 5 and previous versions has default passwords for the sa and cdr accounts, which allows remote malicious users to obtain administrative access by leveraging knowledge of these passwords.
Dentsply Sirona Cdr Dicom
NA
CVE-2016-64342
Cisco Firepower Threat Management Console has hard-coded MySQL credentials in use. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.
9.8
CVSSv3
CVE-2018-15389
A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote malicious user to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerabilit...
Cisco Prime Collaboration 12.1
5.4
CVSSv3
CVE-2018-10164
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated malicious users to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is...
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
5.4
CVSSv3
CVE-2018-10165
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated malicious users to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality....
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
7.5
CVSSv3
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify t...
Tp-link Eap Controller 2.6.0
Tp-link Eap Controller 2.5.4
7.8
CVSSv3
CVE-2021-33220
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. Hard-coded API Keys exist.
Commscope Ruckus Iot Controller
NA
CVE-2021-332202
API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
NA
CVE-2023-34284
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent malicious users to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. T...
8.6
CVSSv3
CVE-2024-23473
The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership i...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »