Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hardcoded vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2019-0034
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a vulnerability. Notes: Google gRPC credentials were found which existed for specific internal product testing purposes which are not u...
1 Article
NA
CVE-2023-51629
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the ONVIF API. The issue r...
890
VMScore
CVE-2017-17106
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages.
Zivif Pr115-204-p-rs Firmware 2.3.4.2103
891
VMScore
CVE-2017-17107
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session.
Zivif Pr115-204-p-rs Firmware 2.3.4.2103
1000
VMScore
CVE-2013-6236
IZON IP 2.0.2: hard-coded password vulnerability
Izoncam Izon Ip Firmware 2.0.2
1 EDB exploit
NA
CVE-2023-39482
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
935
VMScore
CVE-2014-0329
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote malicious users to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the pass...
Zte Zxv10 W300 2.1.0
1 EDB exploit
890
VMScore
CVE-2012-1288
The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote malicious users to obtain access via an HTTP session.
Utc Utc Fire \\& Security Ge-mc100-ntp\\/gps-zb Master Clock Device -
NA
CVE-2023-35724
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The ser...
668
VMScore
CVE-2020-28329
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25,...
Barco Wepresent Wipg-1600w Firmware 2.4.1.19
Barco Wepresent Wipg-1600w Firmware 2.5.0.24
Barco Wepresent Wipg-1600w Firmware 2.5.0.25
Barco Wepresent Wipg-1600w Firmware 2.5.1.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »