hard-coded vulnerabilities and exploits
7.2
CVSSv2
CVE-2016-2363
Fonality (previously trixbox Pro) 12.6 up to and including 14.1i prior to 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account.
Fonality Fonality 12.6
Fonality Fonality 14.1i
Fonality Fonality 12.8
NA
CVE-2021-332192
An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer.
10
CVSSv2
CVE-2016-2343
Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote malicious users to obtain sensitive Dental.DB patient information via SQL statements.
Patterson Dental Eaglesoft 17.0
10
CVSSv2
CVE-2016-2362
Fonality (previously trixbox Pro) 12.6 up to and including 14.1i prior to 2016-06-01 has a hardcoded password for the FTP account, which allows remote malicious users to obtain access via a (1) FTP or (2) SSH connection.
Fonality Fonality 12.6
Fonality Fonality 12.8
Fonality Fonality 14.1i
5
CVSSv2
CVE-2016-2364
The Chrome HUDweb plugin prior to 2016-05-05 for Fonality (previously trixbox Pro) 12.6 up to and including 14.1i uses the same hardcoded private key across different customers' installations, which allows remote malicious users to defeat cryptographic protection mechanisms ...
Fonality Hud Web
Fonality Fonality 12.8
Fonality Fonality 12.6
Fonality Fonality 14.1i
NA
CVE-2023-2611
Advantech R-SeeNet version 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.
Advantech R-seenet
10
CVSSv2
CVE-2013-6236
IZON IP 2.0.2: hard-coded password vulnerability
Izoncam Izon Ip Firmware 2.0.2
1 EDB exploit
9.3
CVSSv2
CVE-2014-0329
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote malicious users to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the pass...
Zte Zxv10 W300 2.1.0
1 EDB exploit
6.8
CVSSv2
CVE-2021-23845
This vulnerability could allow a malicious user to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already ...
Bosch B426 Firmware
Bosch B426-cn Firmware
Bosch B429-cn Firmware
Bosch B426-m Firmware
8.3
CVSSv2
CVE-2021-27254
This vulnerability allows network-adjacent malicious users to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the u...
Netgear Br200 Firmware
Netgear Br500 Firmware
Netgear D7800 Firmware
Netgear Ex6100v2 Firmware
Netgear Ex6150v2 Firmware
Netgear Ex6250 Firmware
Netgear Ex6400 Firmware
Netgear Ex6400v2 Firmware
Netgear Ex6410 Firmware
Netgear Ex6420 Firmware
Netgear Ex7300 Firmware
Netgear Ex7300v2 Firmware
Netgear Ex7320 Firmware
Netgear Ex7700 Firmware
Netgear Ex8000 Firmware
Netgear Lbr20 Firmware
Netgear R7800 Firmware
Netgear R8900 Firmware
Netgear R9000 Firmware
Netgear Rbk12 Firmware
Netgear Rbk13 Firmware
Netgear Rbk14 Firmware