CVE-2024-35244

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-798
View all →

Vulnerability Description

There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Related Vulnerabilities

CVE-2008-2369

CRITICAL
CVSS:9.1(Critical)

manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user acc...

CWE-7982008

CVE-2013-10002

CRITICAL
CVSS:9.1(Critical)

A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwin...

CWE-7982013

CVE-2016-8491

CRITICAL
CVSS:9.1(Critical)

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.

CWE-7982016

CVE-2017-11693

CRITICAL
CVSS:9.1(Critical)

MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate d...

CWE-7982017

CVE-2017-11694

CRITICAL
CVSS:9.1(Critical)

MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directl...

CWE-7982017

CVE-2017-9656

CRITICAL
CVSS:9.1(Critical)

The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, in...

CWE-7982017