CWE-798
Use of Hard-coded Credentials
Description
The product contains hard-coded credentials, such as a password or cryptographic key.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-191 · CAPEC-70
CVEs mapped to this weakness (556)
page 1 of 28

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-125115 | | Cri | 0.74 | — | 0.02 | | Jul 25, 2025 | An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, allowing attackers to extract administrator credentials or active session tokens… |
| CVE-2014-125121 | | Cri | 0.73 | — | 0.01 | | Jul 31, 2025 | Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script. The devices ship with a… |
| CVE-2017-14143 | | Cri | 0.73 | 9.8 | 0.76 | | Sep 19, 2017 | The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via… |
| CVE-2016-1560 | | Cri | 0.72 | 9.8 | 0.72 | | Apr 21, 2017 | ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. |
| CVE-2025-8730 | | Cri | 0.70 | 9.8 | 0.03 | | Aug 8, 2025 | A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The… |
| CVE-2018-11094 | | Cri | 0.70 | 9.8 | 0.36 | | May 15, 2018 | An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the… |
| CVE-2018-16158 | | Cri | 0.69 | 9.8 | 0.35 | | Aug 30, 2018 | Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the… |
| CVE-2018-11509 | | Cri | 0.68 | 9.8 | 0.13 | | Aug 16, 2018 | ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. |
| CVE-2018-9161 | | Cri | 0.68 | 9.8 | 0.59 | | Mar 31, 2018 | Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js. |
| CVE-2015-4667 | | Cri | 0.68 | 9.8 | 0.11 | | Sep 25, 2017 | Multiple hardcoded credentials in Xsuite 2.x. |
| CVE-2015-7246 | | Cri | 0.68 | 9.8 | 0.14 | | Apr 24, 2017 | D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. |
| CVE-2017-7462 | | Cri | 0.68 | 9.8 | 0.13 | | Apr 11, 2017 | Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. |
| CVE-2017-6558 | | Cri | 0.68 | 9.8 | 0.15 | | Mar 9, 2017 | iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. |
| CVE-2008-1160 | | Cri | 0.68 | 9.8 | 0.15 | | Mar 25, 2008 | ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. |
| CVE-2018-10575 | | Cri | 0.67 | 9.8 | 0.09 | | Apr 30, 2018 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false. |
| CVE-2018-5723 | | Cri | 0.67 | 9.8 | 0.10 | | Jan 16, 2018 | MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account. |
| CVE-2017-8224 | | Cri | 0.67 | 9.8 | 0.09 | | Apr 25, 2017 | Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. |
| CVE-2016-5678 | | Cri | 0.67 | 9.8 | 0.09 | | Aug 31, 2016 | NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. |
| CVE-2017-6403 | | Cri | 0.66 | 9.8 | 0.27 | | Mar 2, 2017 | An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. |
| CVE-2025-69426 | | Cri | 0.65 | — | 0.00 | | Jan 9, 2026 | The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables… |