hard-coded vulnerabilities and exploits
8.1
CVSSv3
CVE-2018-4062
A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activat...
Sierrawireless Airlink Es450 Firmware 4.9.3
9.8
CVSSv3
CVE-2015-8362
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices prior to 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote malicious users to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-20...
Harman Amx Firmware 1.2.322
Harman Amx Firmware 1.3.100
9.8
CVSSv3
CVE-2016-6532
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote malicious users to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session.
Dexis Imaging Suite
9.8
CVSSv3
CVE-2022-3214
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer a...
Deltaww Diaenergie
NA
CVE-2024-0865
This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The speci...
5.4
CVSSv3
CVE-2018-10164
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated malicious users to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is...
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
NA
CVE-2018-101643
TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities.
5.4
CVSSv3
CVE-2018-10165
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated malicious users to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality....
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
8.8
CVSSv3
CVE-2018-10166
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow a malicious user to submit authenticated requests when an authenticated user browses an attack-contr...
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
7.5
CVSSv3
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify t...
Tp-link Eap Controller 2.6.0
Tp-link Eap Controller 2.5.4