CVE-2023-37857

HIGH Year: 2023
CVSS v3 Score
7.2
High
Weakness Type
CWE-798
View all →

Vulnerability Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.

Related Vulnerabilities

CVE-2017-5230

HIGH
CVSS:7.2(High)

The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides stor...

CWE-7982017

CVE-2019-6812

HIGH
CVSS:7.2(High)

A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol.

CWE-7982019

CVE-2020-15382

HIGH
CVSS:7.2(High)

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.

CWE-7982020

CVE-2020-28999

HIGH
CVSS:7.2(High)

An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The v...

CWE-7982020

CVE-2021-44720

HIGH
CVSS:7.2(High)

In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets....

CWE-7982021

CVE-2021-45913

HIGH
CVSS:7.2(High)

A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.

CWE-7982021