CWE-798
Use of Hard-coded Credentials
BaseDraftLikelihood: High
Description
The product contains hard-coded credentials, such as a password or cryptographic key.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-191 · CAPEC-70
CVEs mapped to this weakness (354)
page 11 of 18| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-27255 | Hig | 0.52 | 8.0 | 0.00 | Mar 10, 2025 | Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code. | |
| CVE-2023-49224 | Hig | 0.52 | 8.0 | 0.01 | Jun 7, 2024 | Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges. | |
| CVE-2017-2283 | Hig | 0.52 | 8.0 | 0.00 | Aug 2, 2017 | WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | |
| CVE-2025-15371 | Hig | 0.51 | 7.8 | 0.00 | Dec 31, 2025 | A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-9380 | Hig | 0.51 | 7.8 | 0.00 | Aug 24, 2025 | A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-7564 | Hig | 0.51 | 7.8 | 0.00 | Jul 14, 2025 | A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2024-50593 | Hig | 0.51 | 7.8 | 0.00 | Nov 8, 2024 | An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software. | |
| CVE-2023-49221 | Hig | 0.51 | 7.8 | 0.00 | Jun 7, 2024 | Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code. | |
| CVE-2017-11026 | Hig | 0.51 | 7.8 | 0.00 | Nov 16, 2017 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys. | |
| CVE-2017-14376 | Hig | 0.51 | 7.8 | 0.00 | Nov 1, 2017 | EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. | |
| CVE-2017-14428 | Hig | 0.51 | 7.8 | 0.00 | Sep 13, 2017 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions. | |
| CVE-2017-14426 | Hig | 0.51 | 7.8 | 0.00 | Sep 13, 2017 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions. | |
| CVE-2016-2948 | Hig | 0.51 | 7.8 | 0.00 | Nov 30, 2016 | IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | |
| CVE-2010-2772 | Hig | 0.51 | 7.8 | 0.00 | Jul 22, 2010 | Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. | |
| CVE-2006-7142 | Hig | 0.51 | 7.8 | 0.00 | Mar 7, 2007 | The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive. | |
| CVE-2025-54872 | Hig | 0.50 | — | 0.00 | Aug 6, 2025 | onion-site-template is a complete, scalable tor hidden service self-hosting sample. Versions which include commit 3196bd89 contain a baked-in tor image if the secrets were copied from an existing onion domain. A website could be compromised if a user shared the baked-in image, or if someone were able to acquire access to the user's device outside of a containerized environment. This is fixed by commit bc9ba0fd. | |
| CVE-2025-4569 | Hig | 0.50 | — | 0.00 | Jul 21, 2025 | An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information. | |
| CVE-2025-48413 | Hig | 0.50 | 7.7 | 0.00 | May 21, 2025 | The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to log into the device. Authentication can be performed via SSH backdoor or likely via physical access (UART shell). | |
| CVE-2016-10179 | Hig | 0.50 | 7.5 | 0.12 | Jan 30, 2017 | An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. | |
| CVE-2020-37220 | Hig | 0.49 | 7.5 | 0.00 | May 13, 2026 | Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, then use the last 8 characters as the default password to login to the router. |