VYPR

CWE-259

Use of Hard-coded Password

Variant | Draft | Likelihood: High

Description

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (77)

page 4 of 4
  • CVE-2025-7453 | Low | Jul 11, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use…

  • CVE-2025-7080 | Low | Jul 6, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument…

  • CVE-2025-7079 | Low | Jul 6, 2025
    risk 0.24 | cvss 3.7 | epss 0.01

    A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the…

  • CVE-2025-6932 | Low | Jun 30, 2025
    risk 0.24 | cvss 3.7 | epss 0.01

    A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of hard-coded password. It is…

  • CVE-2026-4993 | Low | Mar 28, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has…

  • CVE-2026-4219 | Low | Mar 16, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of…

  • CVE-2026-2702 | Low | Feb 19, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown processing of the component WPA2 PSK. Performing a manipulation results in hard-coded credentials. The attacker must have access to the local network to execute the attack. The…

  • CVE-2025-2555 | Low | Mar 20, 2025
    risk 0.19 | cvss 2.9 | epss 0.00

    A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an…

  • CVE-2025-9731 | Low | Aug 31, 2025
    risk 0.16 | cvss 2.5 | epss 0.00

    A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The…

  • CVE-2025-9725 | Low | Aug 31, 2025
    risk 0.16 | cvss 2.5 | epss 0.00

    A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity…

  • CVE-2025-9309 | Low | Aug 21, 2025
    risk 0.16 | cvss 2.5 | epss 0.00

    A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is…

  • CVE-2025-9091 | Low | Aug 17, 2025
    risk 0.16 | cvss 2.5 | epss 0.00

    A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an…

  • CVE-2025-9806 | Low | Sep 2, 2025
    risk 0.12 | cvss 1.9 | epss 0.00

    A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed…

  • CVE-2025-9778 | Low | Sep 1, 2025
    risk 0.12 | cvss 1.9 | epss 0.00

    A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The…

  • CVE-2012-5862 | Nov 23, 2012
    risk 0.04 | cvss | epss 0.12

    These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.

  • CVE-2014-5405 | Apr 3, 2015
    risk 0.00 | cvss | epss 0.02

    Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

  • CVE-2014-2363 | Jul 26, 2014
    risk 0.00 | cvss | epss 0.02

    Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.