CVE-2023-3262

MEDIUM Year: 2023
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-798
View all →

Vulnerability Description

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.

Related Vulnerabilities

CVE-2017-12317

MEDIUM
CVSS:6.7(Medium)

The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static k...

CWE-7982017

CVE-2017-1787

MEDIUM
CVSS:6.7(Medium)

IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.

CWE-7982017

CVE-2022-3744

MEDIUM
CVSS:6.7(Medium)

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded S...

CWE-7982022

CVE-2025-27488

MEDIUM
CVSS:6.7(Medium)

Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.

CWE-7982025

CVE-2018-12323

MEDIUM
CVSS:6.8(Medium)

An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at th...

CWE-7982018

CVE-2018-17767

MEDIUM
CVSS:6.8(Medium)

Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.

CWE-7982018