Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hard-coded vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-15389
A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote malicious user to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerabilit...
Cisco Prime Collaboration 12.1
7.2
CVSSv3
CVE-2023-31808
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled.
Technicolor Tg670 Firmware 10.5.n.9
7.5
CVSSv3
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify t...
Tp-link Eap Controller 2.6.0
Tp-link Eap Controller 2.5.4
NA
CVE-2021-332182
Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
8.8
CVSSv3
CVE-2018-10166
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an malicious user to submit authenticated requests when an authenticated user browses an attack-contr...
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
8.8
CVSSv3
CVE-2018-10168
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
NA
CVE-2023-34284
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent malicious users to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. T...
NA
CVE-2021-332202
API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
8.6
CVSSv3
CVE-2024-23473
The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in ...
9.8
CVSSv3
CVE-2015-8286
Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote malicious users to obtain access via a session on TCP port 23 or 9000.
Zhuhai Raysharp Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »