Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hard-coded vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-332182
Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
8.8
CVSSv3
CVE-2018-10168
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
9.8
CVSSv3
CVE-2018-15389
A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote malicious user to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerabilit...
Cisco Prime Collaboration 12.1
7.2
CVSSv3
CVE-2023-31808
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled.
Technicolor Tg670 Firmware 10.5.n.9
9.8
CVSSv3
CVE-2016-6530
Dentsply Sirona (formerly Schick) CDR Dicom 5 and previous versions has default passwords for the sa and cdr accounts, which allows remote malicious users to obtain administrative access by leveraging knowledge of these passwords.
Dentsply Sirona Cdr Dicom
NA
CVE-2016-64342
Cisco Firepower Threat Management Console has hard-coded MySQL credentials in use. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.
8.6
CVSSv3
CVE-2024-23473
The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in ...
NA
CVE-2021-332202
API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
NA
CVE-2023-34284
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent malicious users to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. T...
7.8
CVSSv3
CVE-2021-33220
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. Hard-coded API Keys exist.
Commscope Ruckus Iot Controller
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »