VYPR

CWE-798

Use of Hard-coded Credentials

BaseDraftLikelihood: High

Description

The product contains hard-coded credentials, such as a password or cryptographic key.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-191 · CAPEC-70

CVEs mapped to this weakness (556)

page 24 of 28
  • CVE-2017-12725MedFeb 15, 2018
    risk 0.36cvss 5.6epss 0.01

    A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The…

  • CVE-2025-66454MedDec 2, 2025
    risk 0.35cvss 6.5epss 0.00

    Arcade MCP allows you to to create, deploy, and share MCP Servers. Prior to 1.5.4, the arcade-mcp HTTP server uses a hardcoded default worker secret ("dev") that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows…

  • CVE-2025-60639MedOct 16, 2025
    risk 0.35cvss 6.5epss 0.00

    Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26).

  • CVE-2024-57790MedFeb 14, 2025
    risk 0.35cvss 5.4epss 0.00

    IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH.

  • CVE-2018-0329MedJun 7, 2018
    risk 0.35cvss 5.3epss 0.02

    A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due…

  • CVE-2017-2720MedNov 22, 2017
    risk 0.35cvss 5.3epss 0.01

    FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in…

  • CVE-2017-10616MedOct 13, 2017
    risk 0.35cvss 5.3epss 0.01

    The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be…

  • CVE-2017-6039MedJun 2, 2017
    risk 0.35cvss 5.3epss 0.01

    A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.

  • CVE-2026-4216MedMar 16, 2026
    risk 0.34cvss 5.3epss 0.00

    A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to…

  • CVE-2025-58659MedSep 22, 2025
    risk 0.34cvss 5.3epss 0.00

    Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ helpie-faq allows Retrieve Embedded Sensitive Data.This issue affects Helpie FAQ: from n/a through <= 1.45.

  • CVE-2025-58656MedSep 22, 2025
    risk 0.34cvss 5.3epss 0.00

    Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Estonian Shipping Methods for WooCommerce: from n/a through <= 1.7.2.

  • CVE-2025-58269MedSep 22, 2025
    risk 0.34cvss 5.3epss 0.00

    Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 2.6.25.

  • CVE-2025-2342MedMar 16, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has…

  • CVE-2024-5810MedJul 9, 2024
    risk 0.34cvss 5.3epss 0.00

    The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it…

  • CVE-2017-12709MedAug 25, 2017
    risk 0.34cvss 5.3epss 0.00

    A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device.

  • CVE-2025-53754MedJul 16, 2025
    risk 0.33cvss epss 0.00

    This vulnerability exists in Digisol DG-GR6821AC Router due to hard-coded Root Access Credentials in system configuration of the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to obtain…

  • CVE-2017-9649MedSep 20, 2017
    risk 0.33cvss 5.0epss 0.00

    A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary…

  • CVE-2025-2394MedMay 23, 2025
    risk 0.31cvss epss 0.00

    Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.

  • CVE-2024-10451MedNov 25, 2024
    risk 0.31cvss 5.9epss 0.01

    A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data…

  • CVE-2016-3685MedDec 14, 2016
    risk 0.31cvss 4.7epss 0.00

    SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a…