CWE-798

Use of Hard-coded Credentials

Base · Draft · Likelihood: High

Description

The product contains hard-coded credentials, such as a password or cryptographic key.

Related attack patterns (CAPEC)

CAPEC-191 · CAPEC-70

CVEs mapped to this weakness (556)

page 5 of 28
  • CVE-2024-57040 · Critical · Feb 26, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    TP-Link TL-WR845N devices with firmware TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the…

  • CVE-2025-26410 · Critical · Feb 11, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    The firmware of all Wattsense Bridge devices contains the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the…

  • CVE-2024-48126 · Critical · Jan 15, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.

  • CVE-2024-4996 · Critical · Dec 18, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is the same among all Wapro ERP installations. This issue affects Wapro ERP Desktop…

  • CVE-2024-54750 · Critical · Dec 6, 2024
    risk 0.64 · cvss 9.8 · epss 0.00

    Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before.

  • CVE-2024-48539 · Critical · Oct 24, 2024
    risk 0.64 · cvss 9.8 · epss 0.00

    Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.

  • CVE-2024-6656 · Critical · Sep 13, 2024
    risk 0.64 · cvss 9.8 · epss 0.00

    Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13.

  • CVE-2024-28747 · Critical · Jul 9, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.

  • CVE-2024-39208 · Critical · Jun 27, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.

  • CVE-2024-0949 · Critical · Jun 27, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68.

  • CVE-2024-36480 · Critical · Jun 19, 2024
    risk 0.64 · cvss 9.8 · epss 0.00

    Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the…

  • CVE-2024-5514 · Critical · May 30, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend…

  • CVE-2024-2161 · Critical · Mar 21, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Use of Hard-coded Credentials in Kiloview NDI allows unauthenticated users to bypass authentication. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227.

  • CVE-2020-6990 · Critical · Mar 16, 2020
    risk 0.64 · cvss 9.8 · epss 0.04

    Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the…

  • CVE-2018-15427 · Critical · Oct 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.07

    A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has…

  • CVE-2018-15389 · Critical · Oct 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is…

  • CVE-2018-8856 · Critical · Sep 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains a hard-coded cryptographic key, which it uses for encryption of internal data.

  • CVE-2018-16957 · Critical · Sep 18, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service…

  • CVE-2017-9821 · Critical · Aug 24, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.

  • CVE-2017-12577 · Critical · Aug 24, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.