Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hardcoded vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-22956
An issue exists on AudioCodes VoIP desk phones up to and including 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.
Audiocodes C470hd Firmware
Audiocodes C455hd Firmware
Audiocodes C435hd Firmware
Audiocodes 445hd Firmware
Audiocodes 405hd Firmware
Audiocodes C450hd Firmware
7.5
CVSSv3
CVE-2023-22957
An issue exists in libac_des3.so on AudioCodes VoIP desk phones up to and including 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., t...
Audiocodes C470hd Firmware
Audiocodes C455hd Firmware
Audiocodes C435hd Firmware
Audiocodes 445hd Firmware
Audiocodes 405hd Firmware
Audiocodes C450hd Firmware
NA
CVE-2020-283292
Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Versions affected include 2.5.1.8, 2.5.0.25...
9.8
CVSSv3
CVE-2014-6617
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote malicious users to obtain administrative access via a TELNET session.
Industrial.softing Fg-100 Pb Profibus Firmware Fg-x00-pb V2.02.0.00
7.5
CVSSv3
CVE-2019-9975
DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key.
Dasannetworks H660rm Firmware 1.03-0022
8.8
CVSSv3
CVE-2019-9976
The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.
Dasannetworks H660rm Firmware 1.03-0022
9.8
CVSSv3
CVE-2014-9614
The Web Panel in Netsweeper prior to 4.0.5 has a default password of branding for the branding account, which makes it easier for remote malicious users to obtain access via a request to webadmin/.
Netsweeper Netsweeper
9.1
CVSSv3
CVE-2019-9974
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote malicious users to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.
Dasannetworks H660rm Firmware 1.03-0022
9.8
CVSSv3
CVE-2016-4328
MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) prior to 2015R1 has hardcoded credentials, which makes it easier for remote malicious users to obtain sensitive information via direct requests to the application database server.
Medhost Perioperative Information Management System -
1 Article
7.5
CVSSv3
CVE-2020-14474
The Cellebrite UFED physical device 5.0 up to and including 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is t...
Cellebrite Ufed Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »