Total
1205 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25561 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 4.6 MEDIUM | 7.8 HIGH |
| SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client. | |||||
| CVE-2021-27952 | 1 Ecobee | 2 Ecobee3 Lite, Ecobee3 Lite Firmware | 2021-08-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console. | |||||
| CVE-2021-27503 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2021-08-11 | 5.8 MEDIUM | 4.8 MEDIUM |
| Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on hard-coded secrets, which allows man-in-the-middle attackers to tamper with messages. | |||||
| CVE-2021-31579 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2021-08-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | |||||
| CVE-2018-10898 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack | 2021-08-04 | 5.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials. | |||||
| CVE-2021-35961 | 1 Secom | 1 Dr.id Access Control | 2021-08-02 | 10.0 HIGH | 9.8 CRITICAL |
| Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission. | |||||
| CVE-2020-5349 | 1 Dell | 13 Emc Powerswitch S4112f-on, Emc Powerswitch S4112t-on, Emc Powerswitch S4128f-on and 10 more | 2021-07-29 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020 contain a hardcoded credential vulnerability. A remote unauthenticated malicious user could exploit this vulnerability and gain administrative privileges. | |||||
| CVE-2021-22707 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2021-07-28 | 10.0 HIGH | 9.8 CRITICAL |
| A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges. | |||||
| CVE-2021-22730 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2021-07-28 | 10.0 HIGH | 9.8 CRITICAL |
| A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could an attacker to gain unauthorized administrative privileges when accessing to the charging station web server. | |||||
| CVE-2021-33529 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2021-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. | |||||
| CVE-2021-33531 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2021-07-27 | 9.0 HIGH | 8.8 HIGH |
| In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. | |||||
| CVE-2021-0279 | 1 Juniper | 1 Contrail Cloud | 2021-07-27 | 5.5 MEDIUM | 5.5 MEDIUM |
| Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0. | |||||
| CVE-2020-6882 | 1 Zte | 6 Zxhn E8810, Zxhn E8810 Firmware, Zxhn E8820 and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13> | |||||
| CVE-2020-12627 | 1 Calibre-web Project | 1 Calibre-web | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key. | |||||
| CVE-2020-24053 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | |||||
| CVE-2020-27181 | 1 Konzept-ix | 1 Publixone | 2021-07-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. | |||||
| CVE-2019-15075 | 1 Inextrix | 1 Astpp | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. | |||||
| CVE-2020-24056 | 1 Verint | 6 4320, 4320 Firmware, 5620ptz and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | |||||
| CVE-2020-9306 | 1 Tesla | 1 Solarcity Solar Monitoring Gateway | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. | |||||
| CVE-2020-25493 | 1 Oclean | 1 Oclean | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic. | |||||