CVE-2022-30622

HIGH Year: 2022
CVSS v3 Score
7.3
High
Weakness Type
CWE-798
View all →

Vulnerability Description

Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword.

Related Vulnerabilities

CVE-2017-12726

HIGH
CVSS:7.3(High)

A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can b...

CWE-7982017

CVE-2017-9956

HIGH
CVSS:7.3(High)

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use th...

CWE-7982017

CVE-2018-10813

HIGH
CVSS:7.3(High)

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of ...

CWE-7982018

CVE-2018-10966

HIGH
CVSS:7.3(High)

An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contai...

CWE-7982018

CVE-2018-15360

HIGH
CVSS:7.3(High)

An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.

CWE-7982018

CVE-2019-7279

HIGH
CVSS:7.3(High)

Optergy Proton/Enterprise devices have Hard-coded Credentials.

CWE-7982019