Weaknesses of type CWE-798
820 resultsCVE-2018-11681CRITICALDefault and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device throuEPSS 4.3%CVE-2014-9198—Schneider Electric ETG3000 FactoryCast HMI Gateway Use of Hard-coded CredentialsEPSS 4.2%CVE-2018-0222—A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected EPSS 3.8%CVE-2018-0375—A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an aEPSS 3.8%CVE-2020-6779CRITICALHard-coded Credentials in the Database of Bosch FSM-2500 Server and Bosch FSM-5000 ServerEPSS 3.7%CVE-2018-25126CRITICALTVT NVMS-9000 Hard-coded API Credentials & Command InjectionEPSS 3.7%CVE-2021-22667—BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unEPSS 3.6%CVE-2019-9493MEDIUMMyCar Controls uses hard-coded credentialsEPSS 3.6%CVE-2019-13658CRITICALCA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commanEPSS 3.4%CVE-2020-3330CRITICALCisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential VulnerabilityEPSS 3.4%CVE-2019-10979—SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.EPSS 3.4%CVE-2020-12501CRITICALPepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx productsEPSS 3.3%CVE-2022-23942—Apache Doris hardcoded cryptography initializationEPSS 3.1%CVE-2022-35866CRITICALThis vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. AuEPSS 3.1%CVE-2025-8730CRITICALBelkin F9K1009/F9K1010 Web Interface hard-coded credentialsEPSS 3.0%CVE-2021-21820CRITICALA hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted netwEPSS 3.0%CVE-2024-9643CRITICALFour-Faith F3x36 Hidden Debug CredentialsEPSS 3.0%CVE-2019-3906—Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can useEPSS 2.9%CVE-2017-14027—A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FXEPSS 2.8%CVE-2020-6963—In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X EPSS 2.7%