CWE-798

High likelihood

Use of Hard-coded Credentials

Parent: CWE-1391 - Use of Weak Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

1,721 vulnerabilities with CWE-798
CVE-2020-12016 CRITICAL
Baxter ExactaMix - Privilege Escalation
CVSS 9.8
CVE-2020-12012 MEDIUM
Baxter ExactaMix EM 2400 & EM 1200 - Use of Hard-coded Password
CVSS 6.1
CVE-2020-10276 CRITICAL
Mobile Industrial Robots MIR100 Firmware < 2.8.1.1 - Use of Hard-coded Credentials
CVSS 9.8
CVE-2020-10270 CRITICAL
MiR Fleet Firmware < 2.8.1.1 - Use of Hard-coded Credentials
CVSS 9.8
CVE-2020-10269 CRITICAL
MiR Fleet Firmware < 2.8.1.1 - Use of Hard-coded Credentials in WiFi Access Point
CVSS 9.8
CVE-2020-9289 HIGH
FortiAnalyzer and FortiManager < 6.2.3 - Use of Hard-coded Cryptographic Key
CVSS 7.5
CVE-2020-7501 HIGH
Vijeo Designer Basic < 1.1 HotFix 16 and Vijeo Designer < 6.2 SP9 - Use of Hard-coded Credentials
CVSS 8.8
CVE-2020-7498 CRITICAL
Unity Loader and OS Loader - Use of Hard-coded Credentials
CVSS 9.8
CVE-2020-4216 CRITICAL
IBM Spectrum Protect Plus 10.1.0-10.1.5 - Use of Hard-coded Credentials
CVSS 9.8
CVE-2020-3928 MEDIUM
GeoVision Door Access Control - Info Disclosure
CVSS 6.2
CVE-2020-6265 CRITICAL
SAP Commerce <6.7-1905 - Auth Bypass
CVSS 9.8
CVE-2020-13804 CRITICAL
Foxit Reader and PhantomPDF < 9.7.2 - Hardcoded Credentials Exposure in DocuSign Plugin
CVSS 9.8
CVE-2020-3234 HIGH
Cisco IOS Software - Privilege Escalation
CVSS 8.8
CVE-2020-4190 MEDIUM
IBM Security Guardium 10.6, 11.0, and 11.1 - Use of Hard-coded Credentials
CVSS 6.7
CVE-2020-4177 CRITICAL
IBM Security Guardium 11.1 - Use of Hard-coded Credentials
CVSS 9.8
CVE-2020-13414 HIGH
Aviatrix Controller <5.4.1204 - Info Disclosure
CVSS 7.5
CVE-2020-13166 CRITICAL
MyLittleAdmin 3.8 - Unauthenticated Remote Code Execution via Hardcoded MachineKey
CVSS 9.8
CVE-2020-11549 HIGH
NETGEAR Orbi SRS60 RBS50Y SRR60 Firmware V2.5.1.106 - Use of Hard-coded Credentials
CVSS 8.8
CVE-2020-5248 HIGH
GLPI < 9.4.6 - Use of Hard-coded Credentials via Default GLPIKEY
CVSS 7.2
CVE-2020-4429 CRITICAL
IBM Data Risk Manager 2.0.1-2.0.6 - Use of Hard-coded Credentials
CVSS 9.8
CVE-2020-3318 CRITICAL
Cisco Firepower - Privilege Escalation
CVSS 9.8
CVE-2020-3301 MEDIUM
Cisco Firepower - Privilege Escalation
CVSS 4.4
CVE-2020-12110 CRITICAL
TP-Link NC200/NC210/NC220/NC230/NC250/NC260/NC450 Firmware - Use of Hard-coded Encryption Key
CVSS 9.8
CVE-2020-12627 CRITICAL
Calibre-Web 0.6.6 - Authentication Bypass via Hardcoded Secret Key
CVSS 9.8
CVE-2020-10996 HIGH
Percona XtraDB Cluster <5.7.28-31.41.2 - Info Disclosure
CVSS 8.1
Details
Vulnerabilities 1,721
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits