CWE-259
Use of Hard-coded Password
Description
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (77)
page 4 of 4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7453 | Low | 0.24 | 3.7 | 0.00 | Jul 11, 2025 | A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use… | ||
| CVE-2025-7080 | Low | 0.24 | 3.7 | 0.00 | Jul 6, 2025 | A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument… | ||
| CVE-2025-7079 | — | Low | 0.24 | 3.7 | 0.01 | Jul 6, 2025 | A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the… | |
| CVE-2025-6932 | Low | 0.24 | 3.7 | 0.01 | Jun 30, 2025 | A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of hard-coded password. It is… | ||
| CVE-2026-4993 | Low | 0.21 | 3.3 | 0.00 | Mar 28, 2026 | A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has… | ||
| CVE-2026-4219 | Low | 0.21 | 3.3 | 0.00 | Mar 16, 2026 | A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of… | ||
| CVE-2026-2702 | Low | 0.20 | 3.1 | 0.00 | Feb 19, 2026 | A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown processing of the component WPA2 PSK. Performing a manipulation results in hard-coded credentials. The attacker must have access to the local network to execute the attack. The… | ||
| CVE-2025-2555 | Low | 0.19 | 2.9 | 0.00 | Mar 20, 2025 | A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an… | ||
| CVE-2025-9731 | Low | 0.16 | 2.5 | 0.00 | Aug 31, 2025 | A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The… | ||
| CVE-2025-9725 | Low | 0.16 | 2.5 | 0.00 | Aug 31, 2025 | A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity… | ||
| CVE-2025-9309 | Low | 0.16 | 2.5 | 0.00 | Aug 21, 2025 | A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is… | ||
| CVE-2025-9091 | Low | 0.16 | 2.5 | 0.00 | Aug 17, 2025 | A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an… | ||
| CVE-2025-9806 | Low | 0.12 | 1.9 | 0.00 | Sep 2, 2025 | A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed… | ||
| CVE-2025-9778 | Low | 0.12 | 1.9 | 0.00 | Sep 1, 2025 | A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The… | ||
| CVE-2012-5862 | 0.04 | — | 0.12 | Nov 23, 2012 | These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access. | |||
| CVE-2014-5405 | 0.00 | — | 0.02 | Apr 3, 2015 | Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | |||
| CVE-2014-2363 | 0.00 | — | 0.02 | Jul 26, 2014 | Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request. |
- risk 0.24cvss 3.7epss 0.00
A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use…
- risk 0.24cvss 3.7epss 0.00
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument…
- risk 0.24cvss 3.7epss 0.01
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the…
- risk 0.24cvss 3.7epss 0.01
A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of hard-coded password. It is…
- risk 0.21cvss 3.3epss 0.00
A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has…
- risk 0.21cvss 3.3epss 0.00
A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of…
- risk 0.20cvss 3.1epss 0.00
A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown processing of the component WPA2 PSK. Performing a manipulation results in hard-coded credentials. The attacker must have access to the local network to execute the attack. The…
- risk 0.19cvss 2.9epss 0.00
A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an…
- risk 0.16cvss 2.5epss 0.00
A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The…
- risk 0.16cvss 2.5epss 0.00
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity…
- risk 0.16cvss 2.5epss 0.00
A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is…
- risk 0.16cvss 2.5epss 0.00
A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an…
- risk 0.12cvss 1.9epss 0.00
A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed…
- risk 0.12cvss 1.9epss 0.00
A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The…
- CVE-2012-5862Nov 23, 2012risk 0.04cvss —epss 0.12
These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.
- CVE-2014-5405Apr 3, 2015risk 0.00cvss —epss 0.02
Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
- CVE-2014-2363Jul 26, 2014risk 0.00cvss —epss 0.02
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.