Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

hard-coded vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2015-8289
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and previous versions allows remote malicious users to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.
Netgear D3600 Firmware 1.0.0.49Netgear D6000 Firmware
NA
CVE-2005-2611
VERITAS Backup Exec for Windows Servers 8.6 up to and including 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 up to and including 5.1 uses a static password during authentication from the NDMP agent to the server, which allow...
Symantec Veritas Backup Exec Netware Servers 9.0.4170Symantec Veritas Backup Exec Netware Servers 9.0.4172Symantec Veritas Backup Exec Netware Servers 9.1.1152 .4Symantec Veritas Backup Exec Netware Servers 9.1.1154Symantec Veritas Backup Exec Windows Servers 8.6Symantec Veritas Backup Exec Windows Servers 9.0Symantec Veritas Backup Exec Windows Servers 9.1 Rev. 4691 Sp2Symantec Veritas Backup Exec Remote Agent Netware ServerSymantec Veritas Netbackup Netware Media Servers 4.5 Fp5Symantec Veritas Netbackup Netware Media Servers 4.5 Fp6Symantec Veritas Netbackup Netware Media Servers 4.5 Mp5Symantec Veritas Netbackup Netware Media Servers 4.5 Mp6Symantec Veritas Netbackup Netware Media Servers 5.0 Mp4Symantec Veritas Netbackup Netware Media Servers 5.0 Mp5Symantec Veritas Netbackup Netware Media Servers 5.1Symantec Veritas Backup Exec Netware Servers 9.1.1067 .2Symantec Veritas Backup Exec Netware Servers 9.1.1067 .3Symantec Veritas Backup Exec Netware Servers 9.1.1127 .1Symantec Veritas Backup Exec Netware Servers 9.1.307Symantec Veritas Backup Exec Windows Servers 10.0 Rev. 5484Symantec Veritas Backup Exec Windows Servers 9.0 Rev. 4454Symantec Veritas Backup Exec Windows Servers 9.0 Rev. 4454 Sp1
9.8
CVSSv3
CVE-2019-13352
WolfVision Cynap prior to 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN pass...
Wolfvision Cynap
7.8
CVSSv3
CVE-2016-6434
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
Cisco Firepower Management Center 6.0.1
9.8
CVSSv3
CVE-2021-33219
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
Commscope Ruckus Iot Controller
9.1
CVSSv3
CVE-2019-15304
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an malicious user to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermome...
Progradegrill Wifi Grilling Thermometer Firmware 1.00 50006
7.5
CVSSv3
CVE-2016-5639
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware prior to 1.4.0.13 allows remote malicious users to read arbitrary files via a .. (dot dot) in the src parameter.
Crestron Airmedia Am-100 Firmware
8.4
CVSSv3
CVE-2018-0141
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local malicious user to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploi...
Cisco Prime Collaboration Provisioning 11.6Cisco Prime Collaboration 11.6Cisco Prime Collaboration Assurance 11.6
NA
CVE-2012-1803
RuggedCom Rugged Operating System (ROS) 3.10.x and previous versions has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote malicious users to obtain access by performing a calculation on this address value, and th...
Siemens Ruggedcom Rugged Operating System
7.8
CVSSv3
CVE-2022-42973
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions p...
Schneider-electric Apc Easy Ups Online Monitoring SoftwareSchneider-electric Easy Ups Online Monitoring Software
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook