CWE-259
Use of Hard-coded Password
Description
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (77)
page 2 of 4

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15371 | | Hig | 0.51 | 7.8 | 0.00 | | Dec 31, 2025 | A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be… |
| CVE-2025-9380 | | Hig | 0.51 | 7.8 | 0.00 | | Aug 24, 2025 | A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this… |
| CVE-2025-7564 | | Hig | 0.51 | 7.8 | 0.00 | | Jul 14, 2025 | A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required… |
| CVE-2024-5275 | | Hig | 0.51 | 7.8 | 0.00 | | Jun 18, 2024 | A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack… |
| CVE-2025-58081 | — | Hig | 0.49 | 7.5 | 0.00 | | Aug 28, 2025 | Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to view arbitrary files with root privileges. |
| CVE-2025-2343 | | Hig | 0.49 | 7.5 | 0.00 | | Mar 16, 2025 | A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is… |
| CVE-2024-2038 | | Hig | 0.49 | 7.5 | 0.00 | | May 23, 2024 | The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This… |
| CVE-2024-29011 | | Hig | 0.49 | 7.5 | 0.01 | | May 1, 2024 | Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. |
| CVE-2026-8032 | | Hig | 0.47 | 7.3 | 0.00 | | May 6, 2026 | A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY causes hard-coded credentials. The attack is possible to be carried out… |
| CVE-2026-7579 | — | Hig | 0.47 | 7.3 | 0.00 | | May 1, 2026 | A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the… |
| CVE-2026-6574 | | Hig | 0.47 | 7.3 | 0.00 | | Apr 19, 2026 | A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be… |
| CVE-2025-13252 | | Hig | 0.47 | 7.3 | 0.00 | | Nov 16, 2025 | A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be… |
| CVE-2025-11284 | | Hig | 0.47 | 7.3 | 0.00 | | Oct 5, 2025 | A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization… |
| CVE-2024-11630 | | Hig | 0.47 | 7.3 | 0.01 | | Nov 22, 2024 | A vulnerability has been found in E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 up to 3.2 and classified as critical. This vulnerability affects unknown code of the component OEM Backend. The manipulation leads to hard-coded credentials. The attack can be… |
| CVE-2025-11649 | | Hig | 0.46 | 7.0 | 0.00 | | Oct 12, 2025 | A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is… |
| CVE-2024-27164 | — | Hig | 0.46 | 7.1 | 0.00 | | Jun 14, 2024 | Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL. |
| CVE-2025-11666 | | Med | 0.44 | 6.7 | 0.00 | | Oct 13, 2025 | A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can… |
| CVE-2025-8231 | | Med | 0.44 | 6.8 | 0.01 | | Jul 27, 2025 | A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on… |
| CVE-2025-57175 | | Med | 0.42 | 6.4 | 0.00 | | Apr 8, 2026 | Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password. |
| CVE-2025-61330 | — | Med | 0.42 | 6.5 | 0.00 | | Oct 16, 2025 | A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence… |