VYPR

CWE-259

Use of Hard-coded Password

Variant | Draft | Likelihood: High

Description

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (77)

page 2 of 4
  • CVE-2025-15371 | High | Dec 31, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be…

  • CVE-2025-9380 | High | Aug 24, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this…

  • CVE-2025-7564 | High | Jul 14, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required…

  • CVE-2024-5275 | High | Jun 18, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack…

  • CVE-2025-58081 | High | Aug 28, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to view arbitrary files with root privileges.

  • CVE-2025-2343 | High | Mar 16, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is…

  • CVE-2024-2038 | High | May 23, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This…

  • CVE-2024-29011 | High | May 1, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions.

  • CVE-2026-8032 | High | May 6, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY causes hard-coded credentials. The attack is possible to be carried out…

  • CVE-2026-7579 | High | May 1, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the…

  • CVE-2026-6574 | High | Apr 19, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be…

  • CVE-2025-13252 | High | Nov 16, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be…

  • CVE-2025-11284 | High | Oct 5, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization…

  • CVE-2024-11630 | High | Nov 22, 2024
    risk 0.47 | cvss 7.3 | epss 0.01

    A vulnerability has been found in E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 up to 3.2 and classified as critical. This vulnerability affects unknown code of the component OEM Backend. The manipulation leads to hard-coded credentials. The attack can be…

  • CVE-2025-11649 | High | Oct 12, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is…

  • CVE-2024-27164 | High | Jun 14, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL.

  • CVE-2025-11666 | Medium | Oct 13, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can…

  • CVE-2025-8231 | Medium | Jul 27, 2025
    risk 0.44 | cvss 6.8 | epss 0.01

    A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on…

  • CVE-2025-57175 | Medium | Apr 8, 2026
    risk 0.42 | cvss 6.4 | epss 0.00

    Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password.

  • CVE-2025-61330 | Medium | Oct 16, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence…