Vulmon
hardcoded vulnerabilities and exploits
NA
CVE-2020-283292
Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Versions affected include 2.5.1.8, 2.5.0.25...
9.8
CVSSv3
CVE-2017-12574
An issue exists on PLANEX CS-W50HD devices with firmware prior to 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows malicious users to gain unauthorized access ...
Planex Cs-w50hd Firmware
9.8
CVSSv3
CVE-2018-20432
D-Link COVR-2600R and COVR-3902 Kit prior to 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated malicious users to gain privileged access to the router, and to extract sensitive data or modify the configuration.
Dlink Covr-2600r Firmware
Dlink Covr-3902 Firmware
9.1
CVSSv3
CVE-2019-9974
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote malicious users to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.
Dasannetworks H660rm Firmware 1.03-0022
8.8
CVSSv3
CVE-2019-9976
The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.
Dasannetworks H660rm Firmware 1.03-0022
9.8
CVSSv3
CVE-2014-9614
The Web Panel in Netsweeper prior to 4.0.5 has a default password of branding for the branding account, which makes it easier for remote malicious users to obtain access via a request to webadmin/.
Netsweeper Netsweeper
7.5
CVSSv3
CVE-2019-9975
DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key.
Dasannetworks H660rm Firmware 1.03-0022
9.8
CVSSv3
CVE-2014-6617
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote malicious users to obtain administrative access via a TELNET session.
Industrial.softing Fg-100 Pb Profibus Firmware Fg-x00-pb V2.02.0.00
9.8
CVSSv3
CVE-2018-18006
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names o...
Ricoh Myprint 2.2.7
Ricoh Myprint 2.9.2.4
9.8
CVSSv3
CVE-2022-32985
libnx_apl.so on Nexans FTTO GigaSwitch prior to 6.02N and 7.x prior to 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.
Nexans Gigaswitch 641 Desk V5 Sfp-vi Firmware
Nexans Gigaswitch 642 Desk V5 Sfp-2vi Firmware
Nexans Gigaswitch V5 2tp(pd-f+) Sfp-vi 54vdc Firmware
Nexans Gigaswitch V5 2tp(pse+) Sfp-vi 54vdc Firmware
Nexans Gigaswitch V5 2tp Sfp-vi 54vdc Firmware
Nexans Gigaswitch V5 Sfp-2vi 230vac Firmware
Nexans Gigaswitch V5 Tp(pse+) Sfp-2vi 54vdc Firmware
Nexans Gigaswitch V5 Tp(pse+) Sfp-2vi 54vdc Ind Firmware
Nexans Gigaswitch V5 Tp(pse+) Sfp-2vi 54vdc Med Firmware
Nexans Gigaswitch V5 Tp Sfp-2vi 54vdc Firmware
Nexans Gigaswitch V5 Tp Sfp-2vi 54vdc Ind Firmware
Nexans Gigaswitch V5 Tp Sfp-2vi 54vdc Med Firmware
Nexans Gigaswitch V5 Tp Sfp-vi 230vac Firmware