VYPR

CWE-259

Use of Hard-coded Password

Variant | Draft | Likelihood: High

Description

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (77)

page 3 of 4
  • CVE-2022-26388 | Med | Feb 7, 2025
    risk 0.42 | cvss 6.4 | epss 0.00

    A use of hard-coded password vulnerability may allow authentication abuse. This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; ELI 250c/BUR 250c Resting…

  • CVE-2024-46959 | Med | Sep 18, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audio stream.

  • CVE-2018-8870 | Med | Jul 3, 2018
    risk 0.42 | cvss 6.4 | epss 0.00

    Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contain a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.

  • CVE-2024-28023 | Med | Jun 11, 2024
    risk 0.37 | cvss 5.7 | epss 0.00

    A vulnerability exists in the message queueing mechanism that, if exploited, can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even allowing them to execute arbitrary code.

  • CVE-2026-6578 | Med | Apr 19, 2026
    risk 0.36 | cvss 5.6 | epss 0.00

    A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET_KEY results in hard-coded credentials. The attack can be…

  • CVE-2017-6039 | Med | Jun 2, 2017
    risk 0.35 | cvss 5.3 | epss 0.01

    A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.

  • CVE-2026-11552 | Med | Jun 8, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability has been found in SourceCodester Online Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the…

  • CVE-2026-11515 | Med | Jun 8, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file passsword_reset.php of the component Password Reset Handler. Such manipulation of the argument new_password…

  • CVE-2026-22055 | Med | Jun 3, 2026
    risk 0.34 | cvss | epss 0.00

    Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.

  • CVE-2026-22054 | Med | Jun 3, 2026
    risk 0.34 | cvss | epss 0.00

    Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.

  • CVE-2026-4216 | Med | Mar 16, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to…

  • CVE-2025-12676 | Med | Nov 5, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    The KiotViet Sync plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the QueryControllerAdmin::authenticated function. This makes it possible for…

  • CVE-2025-2342 | Med | Mar 16, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has…

  • CVE-2025-5379 | Med | May 31, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. This vulnerability affects unknown code of the component Console Application. The manipulation of the argument CMCCAdmin/useradmin/CUAdmin leads to hard-coded credentials. The attack…

  • CVE-2025-2556 | Med | Mar 20, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local…

  • CVE-2024-2197 | Med | Mar 20, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access…

  • CVE-2025-6139 | Low | Jun 16, 2025
    risk 0.25 | cvss 3.9 | epss 0.00

    A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within…

  • CVE-2026-6610 | Low | Apr 20, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack…

  • CVE-2025-8974 | Low | Aug 14, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the…

  • CVE-2025-7577 | Low | Jul 14, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been classified as problematic. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The complexity of an…