#hard_coded_credentials

SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information.

Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials.

SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sierra Wireless Equipment: AirLink Vulnerabilities: Infinite Loop, NULL Pointer Dereference, Cross-site Scripting, Reachable Assertion, Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution to take full control of the device, steal credentials through a cross site scripting attack, or crash the device being accessed through a denial-of-service attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Sierra Wireless AirLink router with ALEOS firmware are affected: AirLink ALEOS firmware: All versions prior to 4.9.9 AirLink ALEOS firmware: All versions prior to 4.17.0 3.2 Vulnerability Overview 3.2.1 LOOP WITH UNREACHABLE EXIT CONDITION ('INFINITE LOOP') CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability...

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials.

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials.

EnBw SENEC Legacy Storage Box versions 1 through 3 appear to suffer from a hardcoded credential vulnerability.

EnBw SENEC Legacy Storage Box versions 1 through 3 appear to expose a management interface that can be accessed with hardcoded credentials.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Weintek Equipment: EasyBuilder Pro Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain remote control of a victim's computer as a privileged user. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Weintek products are affected: EasyBuilder Pro: Versions prior to v6.07.02 EasyBuilder Pro: Versions 6.08.01.592 and prior EasyBuilder Pro: Versions 6.08.02.470 and prior 3.2 Vulnerability Overview 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 The affected product contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. CVE-2023-5777 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has bee...

VinChin Backup and Recovery in VinChin VMWare Backup versions 5.0 through 7.0 suffers from hardcoded credential and remote code execution vulnerabilities.