VYPR

CWE-259

Use of Hard-coded Password

Variant | Draft | Likelihood: High

Description

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (77)

page 1 of 4
  • CVE-2025-8730 | Critical | Aug 8, 2025
    risk 0.70 | cvss 9.8 | epss 0.03

    A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The…

  • CVE-2026-35905 | Critical | Jun 4, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account.

  • CVE-2026-7251 | Critical | May 26, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the…

  • CVE-2025-70041 | Critical | Mar 11, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master.

  • CVE-2025-11126 | Critical | Sep 29, 2025
    risk 0.64 | cvss 9.8 | epss 0.01

    A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The attack may be performed from remote. The exploit has been released to the public…

  • CVE-2024-4996 | Critical | Dec 18, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP installations. This issue affects Wapro ERP Desktop…

  • CVE-2024-25825 | Critical | Oct 9, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password.

  • CVE-2024-27488 | Critical | Apr 8, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate…

  • CVE-2017-6022 | Critical | Jun 30, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged…

  • CVE-2016-9358 | Critical | Jun 30, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single…

  • CVE-2024-34539 | Critical | Jun 14, 2024
    risk 0.61 | cvss 9.4 | epss 0.01

    Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions.

  • CVE-2026-4475 | High | Mar 20, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The…

  • CVE-2026-2616 | High | Feb 17, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has…

  • CVE-2025-14126 | High | Dec 6, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been…

  • CVE-2025-30106 | High | Mar 18, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    On IROAD v9 devices, the dashcam has hardcoded default credentials ("qwertyuiop") that cannot be changed by the user. This allows an attacker within Wi-Fi range to connect to the device's network to perform sniffing.

  • CVE-2023-49963 | High | Apr 19, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control.

  • CVE-2025-70802 | High | Mar 10, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

  • CVE-2025-70798 | High | Mar 10, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

  • CVE-2025-3920 | High | Jul 7, 2025
    risk 0.55 | cvss | epss 0.00

    A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation…

  • CVE-2025-54754 | High | Sep 18, 2025
    risk 0.52 | cvss 8.0 | epss 0.00

    An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cognex device.