Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hard-coded vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2023-22429
Android App 'Wolt Delivery: Food and more' version 4.27.2 and previous versions uses hard-coded credentials (API key for an external service), which may allow a local malicious user to obtain the hard-coded API key via reverse-engineering the application binary.
Wolt Wolt Delivery
9.8
CVSSv3
CVE-2023-23770
Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.
Motorola Mbts Site Controller Firmware R05.32.58
8.4
CVSSv3
CVE-2023-23771
Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.
Motorola Mbts Base Radio Firmware R05.x2.57
9.8
CVSSv3
CVE-2017-11614
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial informatio...
Medhost Connex -
7.3
CVSSv3
CVE-2022-26671
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.
Secom Dr.id Access Control 3.3.2
Secom Dr.id Attendance System 3.4.0.0.3.11
7.2
CVSSv3
CVE-2020-2499
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow malicious users to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.
Qnap Qes
Qnap Qes 2.1.1
7.5
CVSSv3
CVE-2021-24005
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions prior to 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.
Fortinet Fortiauthenticator
9.8
CVSSv3
CVE-2022-34441
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin p...
Dell Emc Secure Connect Gateway Policy Manager
9.8
CVSSv3
CVE-2022-34440
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin pr...
Dell Emc Secure Connect Gateway Policy Manager
5.5
CVSSv3
CVE-2024-23453
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local malicious user to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.
Spooncast Spoon
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »