Weaknesses of type CWE-798
822 resultsCVE-2024-57811CRITICALIn Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password EPSS 0.4%CVE-2026-7786CRITICALJinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded CredentialsEPSS 0.4%CVE-2025-30123CRITICALAn issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enEPSS 0.4%CVE-2025-30122CRITICALAn issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for EPSS 0.4%CVE-2025-30113CRITICALAn issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. TEPSS 0.4%CVE-2025-2342MEDIUMIROAD X5 Mobile App API Endpoint hard-coded credentialsEPSS 0.4%CVE-2018-14801—In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser passworEPSS 0.4%CVE-2026-56265CRITICALCrawl4AI - Authentication Bypass via Hardcoded JWT Signing KeyEPSS 0.4%CVE-2025-30125CRITICALAn issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, EPSS 0.4%CVE-2023-43870HIGHWhen installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batcEPSS 0.4%CVE-2024-48007MEDIUMDell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could pEPSS 0.4%CVE-2023-21524HIGHWindows Local Security Authority (LSA) Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2023-34473MEDIUMUsage of Hard-coded CredentialsEPSS 0.4%CVE-2023-41610HIGHVicture PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.EPSS 0.4%CVE-2025-57601CRITICALAiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/eEPSS 0.4%CVE-2022-26476—A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), SEPSS 0.4%CVE-2021-32454CRITICALSITEL CAP/PRX hardcoded credentialsEPSS 0.4%CVE-2024-52788HIGHTenda W9 v1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as EPSS 0.4%CVE-2024-52789HIGHTenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in EPSS 0.4%CVE-2024-48126CRITICALHI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.EPSS 0.4%