Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-7414
CRITICAL CVSS 9.8
Find Similar
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or re
The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscr
CVE-2026-7413
CRITICAL CVSS 9.8
Find Similar
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, canno
CVE-2026-27751
CRITICAL CVSS 9.3
Find Similar
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attacke
CVE-2026-26341
CRITICAL CVSS 9.3
Find Similar
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker wh
This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by ex
This vulnerability exists in Digisol DG-GR6821AC Router due to use of default admin credentials at its web management interface. An attacker with physical access could exploit this vulnerability by ex
CVE-2025-1242
CRITICAL CVSS 9.3
Find Similar
The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attack
CVE-2026-10557
CRITICAL CVSS 9.3
Find Similar
The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are rea
CVE-2025-7072
CRITICAL CVSS 9.3
Find Similar
The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute c
ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device
CVE-2025-28230
CRITICAL CVSS 9.1
Find Similar
Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded administrator credentials.
CVE-2017-20214
CRITICAL CVSS 9.3
Find Similar
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiab
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulne
Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on old
The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgr
CVE-2024-4996
CRITICAL CVSS 9.3
Find Similar
Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is s
After gaining access to the firmware of a charging station, a file at can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers. This issue
CVE-2024-51431
CRITICAL CVSS 9.8
Find Similar
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.
Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of
Page 1+ Next →