CWE-798

High likelihood

Use of Hard-coded Credentials

Parent: CWE-1391 - Use of Weak Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

1,712 vulnerabilities with CWE-798
CVE-2025-8231 MEDIUM
D-Link DIR-890L <111b04 - Hard-Coded Credentials
CVSS 6.8
CVE-2025-45466 HIGH
Unitree Go1 <= Go1_2022_05_11 - Incorrect Access Control via Hard-coded Credentials
CVSS 8.8
CVE-2025-31953 HIGH
HCL iAutomate - Use of Hard-coded Credentials
CVSS 7.1
CVE-2025-54455 CRITICAL
Samsung MagicINFO 9 Server < 21.1080.0 - Authentication Bypass via Hard-coded Credentials
CVSS 9.1
CVE-2025-54454 CRITICAL
Samsung MagicINFO 9 Server < 21.1080.0 - Authentication Bypass via Hard-coded Credentials
CVSS 9.1
CVE-2025-4130 HIGH
PAVO Pay <13.05.2025 - Info Disclosure
CVSS 7.5
CVE-2025-4570 MEDIUM
MyASUS - Use of Hard-coded Credentials
CVE-2025-4569 HIGH
MyASUS - Use of Hard-coded Credentials
CVE-2025-4049 HIGH
SIGNUM-NET FARA <5.0.80.34 - Info Disclosure
CVE-2025-6982 MEDIUM
TP-Link Archer C50 - Info Disclosure
CVE-2025-53754 MEDIUM
Digisol DG-GR6821AC Router - Privilege Escalation
CVE-2025-53842 MEDIUM
ZWX-2000CSW2-HN <0.3.19 - Info Disclosure
CVSS 4.5
CVE-2025-52376 CRITICAL
Nexxt Solutions NCM-X1800 Mesh Router <UV1.2.7 - Auth Bypass
CVSS 9.8
CVE-2025-3621 CRITICAL
ActADUR <2.0.2.0 - Command Injection
CVSS 9.6
CVE-2025-52363 MEDIUM
Tenda CP3 Pro Firmware V22.5.4.93 - Use of Hard-coded Credentials in /etc/passwd
CVSS 6.8
CVE-2025-7564 HIGH
LB-LINK BL-AC3600 1.0.22 - Hard-coded Credentials
CVSS 7.8
CVE-2025-7503 CRITICAL
OEM IP Camera <AppFHE1_V1.0.6.0 - Command Injection
CVE-2025-7401 CRITICAL
WordPress Premium Age Verification <3.0.2 - Info Disclosure
CVSS 9.8
CVE-2025-5023 HIGH
Mitsubishi Electric Corporation photovoltaic system monitor - Info ...
CVSS 7.1
CVE-2025-49551 HIGH
Adobe ColdFusion <= 2025.2, <= 2023.14, <= 2021.20 - Use of Hard-coded Credentials
CVSS 8.8
CVE-2025-37103 CRITICAL
HPE Networking Instant On - Auth Bypass
CVSS 9.8
CVE-2025-52492 HIGH
Paxton Paxton10 <4.6 SR6 - Info Disclosure
CVSS 7.5
CVE-2025-7079 LOW
mao888 bluebell-plus < 2.3.0 - Hard-coded Password in JWT Token Handler
CVSS 3.7
CVE-2025-45813 CRITICAL
ENENSYS IPGuard v2 2.10.0 - Use of Hard-coded Credentials
CVSS 9.8
CVE-2025-20309 CRITICAL
Cisco Unified Communications Manager - Unauthenticated Remote Code Execution via Hard-coded Root Credentials
CVSS 10.0
Details
Vulnerabilities 1,712
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits