CWE-798
Use of Hard-coded Credentials
BaseDraftLikelihood: High
Description
The product contains hard-coded credentials, such as a password or cryptographic key.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-191 · CAPEC-70
CVEs mapped to this weakness (354)
page 8 of 18| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-7768 | Cri | 0.60 | — | 0.00 | Aug 6, 2025 | Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms. | |
| CVE-2025-4041 | Cri | 0.60 | — | 0.00 | May 6, 2025 | In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize the system's components to perform OS command executions. | |
| CVE-2024-48971 | Cri | 0.60 | 9.3 | 0.00 | Nov 14, 2024 | The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges. | |
| CVE-2023-6198 | Cri | 0.60 | 9.3 | 0.00 | Jun 25, 2024 | Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device. | |
| CVE-2023-27573 | Cri | 0.59 | 9.0 | 0.00 | Mar 11, 2026 | netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment. | |
| CVE-2025-1242 | Cri | 0.59 | 9.1 | 0.00 | Feb 25, 2026 | The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicious control. | |
| CVE-2024-36556 | Cri | 0.59 | 9.1 | 0.00 | Feb 6, 2025 | Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h, and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b have a Hardcoded password vulnerability. | |
| CVE-2024-57811 | Cri | 0.59 | 9.1 | 0.00 | Jan 13, 2025 | In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton. | |
| CVE-2024-46505 | Cri | 0.59 | 9.1 | 0.00 | Jan 9, 2025 | Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | |
| CVE-2024-36248 | Cri | 0.59 | 9.1 | 0.00 | Nov 26, 2024 | API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | |
| CVE-2024-35244 | Cri | 0.59 | 9.1 | 0.00 | Nov 26, 2024 | There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | |
| CVE-2024-10025 | Cri | 0.59 | 9.1 | 0.00 | Oct 17, 2024 | A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password. | |
| CVE-2024-28751 | Cri | 0.59 | 9.1 | 0.01 | Jul 9, 2024 | An high privileged remote attacker can enable telnet access that accepts hardcoded credentials. | |
| CVE-2017-11694 | Cri | 0.59 | 9.1 | 0.00 | Jul 28, 2017 | MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financial information. The Apache Solr account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for Apache Solr has access to all indexed patient documents. | |
| CVE-2017-11693 | Cri | 0.59 | 9.1 | 0.00 | Jul 28, 2017 | MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. PostgreSQL is used as the Document Management System database. The account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for PostgreSQL has access to the database schema for Document Management System. | |
| CVE-2016-8491 | Cri | 0.59 | 9.1 | 0.00 | Feb 1, 2017 | The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. | |
| CVE-2008-2369 | Cri | 0.59 | 9.1 | 0.01 | Aug 14, 2008 | manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements. | |
| CVE-2024-55557 | Cri | 0.58 | 9.8 | 0.21 | Dec 16, 2024 | ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials. | |
| CVE-2024-6045 | Hig | 0.58 | 8.8 | 0.08 | Jun 17, 2024 | Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware. | |
| CVE-2025-68421 | Hig | 0.57 | — | 0.00 | May 14, 2026 | Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in version 2026.4 |