Common Weakness Enumeration

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

CVE-2026-1958 (GCVE-0-2026-1958)

Vulnerability from cvelistv5 – Published: 2026-03-23 12:40 – Updated: 2026-03-23 15:51
VLAI
Title
Hard-coded passwords in KlinikaXP
Summary
Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update. This issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1 Beside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
BRI KlinikaXP Insertino Affected: 0 , < 3.1.0.1 (semver)
Create a notification for this product.
BRI KlinikaXP Affected: 0 , < 5.39.01.01 (semver)
Create a notification for this product.
Credits
Wojciech Giełda
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T15:17:46.045147Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T15:51:31.644Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "KlinikaXP Insertino",
          "vendor": "BRI",
          "versions": [
            {
              "lessThan": "3.1.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "KlinikaXP",
          "vendor": "BRI",
          "versions": [
            {
              "lessThan": "5.39.01.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Wojciech Gie\u0142da"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application\u0027s update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update.\u003cbr\u003e\u003cbr\u003eThis issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1\u003cbr\u003e\u003cbr\u003eBeside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts."
            }
          ],
          "value": "Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application\u0027s update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update.\n\nThis issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1\n\nBeside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-23T12:40:12.895Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/posts/2026/03/CVE-2026-1958"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.klinikaxp.pl/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Hard-coded passwords in KlinikaXP",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2026-1958",
    "datePublished": "2026-03-23T12:40:12.895Z",
    "dateReserved": "2026-02-05T10:05:53.336Z",
    "dateUpdated": "2026-03-23T15:51:31.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20111 (GCVE-0-2026-20111)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:11 – Updated: 2026-02-04 16:41
VLAI
Title
Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Prime Infrastructure Affected: 3.0.0
Affected: 3.1.0
Affected: 3.1.5
Affected: 2.1
Affected: 2.0.0
Affected: 3.6.0
Affected: 3.7.0
Affected: 3.4.0
Affected: 3.3.0
Affected: 3.2
Affected: 3.5.0
Affected: 3.2.0-FIPS
Affected: 2.2
Affected: 3.8.0-FED
Affected: 3.9.0
Affected: 3.8.0
Affected: 3.10.0
Affected: 3.1.1
Affected: 2.1.2
Affected: 2.2.1
Affected: 2.2.0
Affected: 3.0.2
Affected: 3.0.3
Affected: 3.0.1
Affected: 2.2.2
Affected: 2.2.3
Affected: 2.1.0
Affected: 2.1.1
Affected: 3.9.1
Affected: 2.0.10
Affected: 3.8.1
Affected: 3.7.1
Affected: 3.5.1
Affected: 3.4.2
Affected: 3.3.1
Affected: 3.1.7
Affected: 3.2.1
Affected: 3.2.2
Affected: 3.1.6
Affected: 3.1.2
Affected: 3.4.1
Affected: 3.1.3
Affected: 3.1.4
Affected: 3.0.6
Affected: 2.2.10
Affected: 3.0.4
Affected: 3.0.5
Affected: 2.1.56
Affected: 2.2.4
Affected: 2.2.9
Affected: 2.2.8
Affected: 2.2.5
Affected: 2.2.7
Affected: 2.0.39
Affected: 3.8_DP1
Affected: 3.9_DP1
Affected: 3.7_DP2
Affected: 3.6_DP1
Affected: 3.5_DP4
Affected: 3.5_DP2
Affected: 3.4_DP10
Affected: 3.7_DP1
Affected: 3.5_DP3
Affected: 3.4_DP11
Affected: 3.5_DP1
Affected: 3.4_DP8
Affected: 3.4_DP1
Affected: 3.4_DP3
Affected: 3.4_DP5
Affected: 3.4_DP2
Affected: 3.4_DP7
Affected: 3.4_DP6
Affected: 3.3_DP4
Affected: 3.4_DP4
Affected: 3.4_DP9
Affected: 3.1_DP16
Affected: 3.3_DP2
Affected: 3.3_DP3
Affected: 3.1_DP15
Affected: 3.3_DP1
Affected: 3.1_DP13
Affected: 3.2_DP2
Affected: 3.2_DP1
Affected: 3.2_DP3
Affected: 3.1_DP14
Affected: 3.2_DP4
Affected: 3.1_DP7
Affected: 3.1_DP10
Affected: 3.1_DP11
Affected: 3.1_DP4
Affected: 3.1_DP6
Affected: 3.1_DP12
Affected: 3.1_DP5
Affected: 3.0.7
Affected: 3.1_DP9
Affected: 3.1_DP8
Affected: 3.10_DP1
Affected: 3.10.2
Affected: 3.10.3
Affected: 3.10
Affected: 3.10.1
Affected: 3.7.1 Update 03
Affected: 3.7.1 Update 04
Affected: 3.7.1 Update 06
Affected: 3.7.1 Update 07
Affected: 3.8.1 Update 01
Affected: 3.8.1 Update 02
Affected: 3.8.1 Update 03
Affected: 3.8.1 Update 04
Affected: 3.9.1 Update 01
Affected: 3.9.1 Update 02
Affected: 3.9.1 Update 03
Affected: 3.9.1 Update 04
Affected: 3.10 Update 01
Affected: 3.4.2 Update 01
Affected: 3.6.0 Update 04
Affected: 3.6.0 Update 02
Affected: 3.6.0 Update 03
Affected: 3.6.0 Update 01
Affected: 3.5.1 Update 03
Affected: 3.5.1 Update 01
Affected: 3.5.1 Update 02
Affected: 3.7.0 Update 03
Affected: 2.2.3 Update 05
Affected: 2.2.3 Update 04
Affected: 2.2.3 Update 06
Affected: 2.2.3 Update 03
Affected: 2.2.3 Update 02
Affected: 2.2.1 Update 01
Affected: 2.2.2 Update 03
Affected: 2.2.2 Update 04
Affected: 3.8.0 Update 01
Affected: 3.8.0 Update 02
Affected: 3.7.1 Update 01
Affected: 3.7.1 Update 02
Affected: 3.7.1 Update 05
Affected: 3.9.0 Update 01
Affected: 3.3.0 Update 01
Affected: 3.4.1 Update 02
Affected: 3.4.1 Update 01
Affected: 3.5.0 Update 03
Affected: 3.5.0 Update 01
Affected: 3.5.0 Update 02
Affected: 3.10.4
Affected: 3.10.4 Update 01
Affected: 3.10.4 Update 02
Affected: 3.10.4 Update 03
Affected: 3.10.5
Affected: 3.10.6
Affected: 3.10.6 Update 01
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-04T16:41:28.347358Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-04T16:41:39.389Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Prime Infrastructure",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.1.5"
            },
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "3.6.0"
            },
            {
              "status": "affected",
              "version": "3.7.0"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "status": "affected",
              "version": "3.3.0"
            },
            {
              "status": "affected",
              "version": "3.2"
            },
            {
              "status": "affected",
              "version": "3.5.0"
            },
            {
              "status": "affected",
              "version": "3.2.0-FIPS"
            },
            {
              "status": "affected",
              "version": "2.2"
            },
            {
              "status": "affected",
              "version": "3.8.0-FED"
            },
            {
              "status": "affected",
              "version": "3.9.0"
            },
            {
              "status": "affected",
              "version": "3.8.0"
            },
            {
              "status": "affected",
              "version": "3.10.0"
            },
            {
              "status": "affected",
              "version": "3.1.1"
            },
            {
              "status": "affected",
              "version": "2.1.2"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            },
            {
              "status": "affected",
              "version": "2.2.0"
            },
            {
              "status": "affected",
              "version": "3.0.2"
            },
            {
              "status": "affected",
              "version": "3.0.3"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "2.2.2"
            },
            {
              "status": "affected",
              "version": "2.2.3"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.1.1"
            },
            {
              "status": "affected",
              "version": "3.9.1"
            },
            {
              "status": "affected",
              "version": "2.0.10"
            },
            {
              "status": "affected",
              "version": "3.8.1"
            },
            {
              "status": "affected",
              "version": "3.7.1"
            },
            {
              "status": "affected",
              "version": "3.5.1"
            },
            {
              "status": "affected",
              "version": "3.4.2"
            },
            {
              "status": "affected",
              "version": "3.3.1"
            },
            {
              "status": "affected",
              "version": "3.1.7"
            },
            {
              "status": "affected",
              "version": "3.2.1"
            },
            {
              "status": "affected",
              "version": "3.2.2"
            },
            {
              "status": "affected",
              "version": "3.1.6"
            },
            {
              "status": "affected",
              "version": "3.1.2"
            },
            {
              "status": "affected",
              "version": "3.4.1"
            },
            {
              "status": "affected",
              "version": "3.1.3"
            },
            {
              "status": "affected",
              "version": "3.1.4"
            },
            {
              "status": "affected",
              "version": "3.0.6"
            },
            {
              "status": "affected",
              "version": "2.2.10"
            },
            {
              "status": "affected",
              "version": "3.0.4"
            },
            {
              "status": "affected",
              "version": "3.0.5"
            },
            {
              "status": "affected",
              "version": "2.1.56"
            },
            {
              "status": "affected",
              "version": "2.2.4"
            },
            {
              "status": "affected",
              "version": "2.2.9"
            },
            {
              "status": "affected",
              "version": "2.2.8"
            },
            {
              "status": "affected",
              "version": "2.2.5"
            },
            {
              "status": "affected",
              "version": "2.2.7"
            },
            {
              "status": "affected",
              "version": "2.0.39"
            },
            {
              "status": "affected",
              "version": "3.8_DP1"
            },
            {
              "status": "affected",
              "version": "3.9_DP1"
            },
            {
              "status": "affected",
              "version": "3.7_DP2"
            },
            {
              "status": "affected",
              "version": "3.6_DP1"
            },
            {
              "status": "affected",
              "version": "3.5_DP4"
            },
            {
              "status": "affected",
              "version": "3.5_DP2"
            },
            {
              "status": "affected",
              "version": "3.4_DP10"
            },
            {
              "status": "affected",
              "version": "3.7_DP1"
            },
            {
              "status": "affected",
              "version": "3.5_DP3"
            },
            {
              "status": "affected",
              "version": "3.4_DP11"
            },
            {
              "status": "affected",
              "version": "3.5_DP1"
            },
            {
              "status": "affected",
              "version": "3.4_DP8"
            },
            {
              "status": "affected",
              "version": "3.4_DP1"
            },
            {
              "status": "affected",
              "version": "3.4_DP3"
            },
            {
              "status": "affected",
              "version": "3.4_DP5"
            },
            {
              "status": "affected",
              "version": "3.4_DP2"
            },
            {
              "status": "affected",
              "version": "3.4_DP7"
            },
            {
              "status": "affected",
              "version": "3.4_DP6"
            },
            {
              "status": "affected",
              "version": "3.3_DP4"
            },
            {
              "status": "affected",
              "version": "3.4_DP4"
            },
            {
              "status": "affected",
              "version": "3.4_DP9"
            },
            {
              "status": "affected",
              "version": "3.1_DP16"
            },
            {
              "status": "affected",
              "version": "3.3_DP2"
            },
            {
              "status": "affected",
              "version": "3.3_DP3"
            },
            {
              "status": "affected",
              "version": "3.1_DP15"
            },
            {
              "status": "affected",
              "version": "3.3_DP1"
            },
            {
              "status": "affected",
              "version": "3.1_DP13"
            },
            {
              "status": "affected",
              "version": "3.2_DP2"
            },
            {
              "status": "affected",
              "version": "3.2_DP1"
            },
            {
              "status": "affected",
              "version": "3.2_DP3"
            },
            {
              "status": "affected",
              "version": "3.1_DP14"
            },
            {
              "status": "affected",
              "version": "3.2_DP4"
            },
            {
              "status": "affected",
              "version": "3.1_DP7"
            },
            {
              "status": "affected",
              "version": "3.1_DP10"
            },
            {
              "status": "affected",
              "version": "3.1_DP11"
            },
            {
              "status": "affected",
              "version": "3.1_DP4"
            },
            {
              "status": "affected",
              "version": "3.1_DP6"
            },
            {
              "status": "affected",
              "version": "3.1_DP12"
            },
            {
              "status": "affected",
              "version": "3.1_DP5"
            },
            {
              "status": "affected",
              "version": "3.0.7"
            },
            {
              "status": "affected",
              "version": "3.1_DP9"
            },
            {
              "status": "affected",
              "version": "3.1_DP8"
            },
            {
              "status": "affected",
              "version": "3.10_DP1"
            },
            {
              "status": "affected",
              "version": "3.10.2"
            },
            {
              "status": "affected",
              "version": "3.10.3"
            },
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "status": "affected",
              "version": "3.10.1"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 03"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 04"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 06"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 07"
            },
            {
              "status": "affected",
              "version": "3.8.1 Update 01"
            },
            {
              "status": "affected",
              "version": "3.8.1 Update 02"
            },
            {
              "status": "affected",
              "version": "3.8.1 Update 03"
            },
            {
              "status": "affected",
              "version": "3.8.1 Update 04"
            },
            {
              "status": "affected",
              "version": "3.9.1 Update 01"
            },
            {
              "status": "affected",
              "version": "3.9.1 Update 02"
            },
            {
              "status": "affected",
              "version": "3.9.1 Update 03"
            },
            {
              "status": "affected",
              "version": "3.9.1 Update 04"
            },
            {
              "status": "affected",
              "version": "3.10 Update 01"
            },
            {
              "status": "affected",
              "version": "3.4.2 Update 01"
            },
            {
              "status": "affected",
              "version": "3.6.0 Update 04"
            },
            {
              "status": "affected",
              "version": "3.6.0 Update 02"
            },
            {
              "status": "affected",
              "version": "3.6.0 Update 03"
            },
            {
              "status": "affected",
              "version": "3.6.0 Update 01"
            },
            {
              "status": "affected",
              "version": "3.5.1 Update 03"
            },
            {
              "status": "affected",
              "version": "3.5.1 Update 01"
            },
            {
              "status": "affected",
              "version": "3.5.1 Update 02"
            },
            {
              "status": "affected",
              "version": "3.7.0 Update 03"
            },
            {
              "status": "affected",
              "version": "2.2.3 Update 05"
            },
            {
              "status": "affected",
              "version": "2.2.3 Update 04"
            },
            {
              "status": "affected",
              "version": "2.2.3 Update 06"
            },
            {
              "status": "affected",
              "version": "2.2.3 Update 03"
            },
            {
              "status": "affected",
              "version": "2.2.3 Update 02"
            },
            {
              "status": "affected",
              "version": "2.2.1 Update 01"
            },
            {
              "status": "affected",
              "version": "2.2.2 Update 03"
            },
            {
              "status": "affected",
              "version": "2.2.2 Update 04"
            },
            {
              "status": "affected",
              "version": "3.8.0 Update 01"
            },
            {
              "status": "affected",
              "version": "3.8.0 Update 02"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 01"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 02"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 05"
            },
            {
              "status": "affected",
              "version": "3.9.0 Update 01"
            },
            {
              "status": "affected",
              "version": "3.3.0 Update 01"
            },
            {
              "status": "affected",
              "version": "3.4.1 Update 02"
            },
            {
              "status": "affected",
              "version": "3.4.1 Update 01"
            },
            {
              "status": "affected",
              "version": "3.5.0 Update 03"
            },
            {
              "status": "affected",
              "version": "3.5.0 Update 01"
            },
            {
              "status": "affected",
              "version": "3.5.0 Update 02"
            },
            {
              "status": "affected",
              "version": "3.10.4"
            },
            {
              "status": "affected",
              "version": "3.10.4 Update 01"
            },
            {
              "status": "affected",
              "version": "3.10.4 Update 02"
            },
            {
              "status": "affected",
              "version": "3.10.4 Update 03"
            },
            {
              "status": "affected",
              "version": "3.10.5"
            },
            {
              "status": "affected",
              "version": "3.10.6"
            },
            {
              "status": "affected",
              "version": "3.10.6 Update 01"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Use of Hard-coded Credentials",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:11:56.571Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-pi-xss-bYeVKCD",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-xss-bYeVKCD"
        }
      ],
      "source": {
        "advisory": "cisco-sa-pi-xss-bYeVKCD",
        "defects": [
          "CSCwo96708"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20111",
    "datePublished": "2026-02-04T16:11:56.571Z",
    "dateReserved": "2025-10-08T11:59:15.374Z",
    "dateUpdated": "2026-02-04T16:41:39.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21404 (GCVE-0-2026-21404)

Vulnerability from cvelistv5 – Published: 2026-06-04 19:44 – Updated: 2026-06-05 18:26
VLAI
Title
NAVTOR NavBox Use of Hard-coded Credentials
Summary
NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SOAP interface grants access to privileged WCF methods, enabling an attacker to write or overwrite files within application-defined paths.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
NAVTOR NavBox Affected: 0 , ≤ 4.16.1.20 (custom)
Unaffected: 4.17.2.6
Create a notification for this product.
Date Public
2026-06-04 17:00
Credits
Cydome Security Ltd reported this vulnerability to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21404",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T18:25:51.749669Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T18:26:01.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NavBox",
          "vendor": "NAVTOR",
          "versions": [
            {
              "lessThanOrEqual": "4.16.1.20",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "4.17.2.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Cydome Security Ltd reported this vulnerability to CISA."
        }
      ],
      "datePublic": "2026-06-04T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SOAP interface grants access to privileged WCF methods, enabling an attacker to write or overwrite files within application-defined paths."
            }
          ],
          "value": "NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SOAP interface grants access to privileged WCF methods, enabling an attacker to write or overwrite files within application-defined paths."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T19:44:53.466Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-155-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-155-01.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NAVTOR has released a patch for NavBox in April 2026.  Version 4.17.2.6 and later includes the fix. Users that have an active NavBox connection will automatically be kept up to date with the latest version. No user action required."
            }
          ],
          "value": "NAVTOR has released a patch for NavBox in April 2026.  Version 4.17.2.6 and later includes the fix. Users that have an active NavBox connection will automatically be kept up to date with the latest version. No user action required."
        }
      ],
      "source": {
        "advisory": "ICSA-26-155-01",
        "discovery": "EXTERNAL"
      },
      "title": "NAVTOR NavBox Use of Hard-coded Credentials",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-21404",
    "datePublished": "2026-06-04T19:44:53.466Z",
    "dateReserved": "2026-01-27T23:33:47.825Z",
    "dateUpdated": "2026-06-05T18:26:01.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22312 (GCVE-0-2026-22312)

Vulnerability from cvelistv5 – Published: 2026-06-16 18:19 – Updated: 2026-06-17 12:18
VLAI
Title
Use of Hard-coded Credentials Vulnerability in Radiflow iSAP Smart Collector
Summary
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
URL Tags
https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22312 third-party-advisory
Impacted products
Vendor Product Version
Radiflow iSAP Smart Collector Affected: 3.07-1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22312",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T12:18:32.031146Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T12:18:41.856Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "iSAP Smart Collector",
          "vendor": "Radiflow",
          "versions": [
            {
              "status": "affected",
              "version": "3.07-1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration\nand execute some commands (e.g. system reboot)."
            }
          ],
          "value": "The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration\nand execute some commands (e.g. system reboot)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798: Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T18:38:16.344Z",
        "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "shortName": "ENISA"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22312"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Use of Hard-coded Credentials Vulnerability in Radiflow iSAP Smart Collector",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
    "assignerShortName": "ENISA",
    "cveId": "CVE-2026-22312",
    "datePublished": "2026-06-16T18:19:33.358Z",
    "dateReserved": "2026-01-07T09:31:00.563Z",
    "dateUpdated": "2026-06-17T12:18:41.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22769 (GCVE-0-2026-22769)

Vulnerability from cvelistv5 – Published: 2026-02-17 19:19 – Updated: 2026-02-26 14:44
VLAI
Summary
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
Dell RecoverPoint for Virtual Machines Affected: 5.3 SP4 P1 , < 6.0.3.1 HF1 (semver)
Create a notification for this product.
Dell RecoverPoint for Virtual Machines Affected: 6.0, 6.0 SP1, 6.0 SP1 P1, 6.0 SP1 P2, 6.0 SP2, 6.0 SP2 P1, 6.0 SP3, and 6.0 SP3 P1 , < 6.0.3.1 HF1 (semver)
Create a notification for this product.
Date Public
2026-02-17 18:00
Credits
Dell would like to thank Peter Ukhanov from Google/Mandiant for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22769",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-19T04:55:35.963273Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-02-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:19.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769"
          },
          {
            "tags": [
              "third-party-advisory"
            ],
            "url": "https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "RecoverPoint for Virtual Machines",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "6.0.3.1 HF1",
              "status": "affected",
              "version": "5.3 SP4 P1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RecoverPoint for Virtual Machines",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "6.0.3.1 HF1",
              "status": "affected",
              "version": "6.0, 6.0 SP1, 6.0 SP1 P1, 6.0 SP1 P2, 6.0 SP2, 6.0 SP2 P1, 6.0 SP3, and 6.0 SP3 P1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell would like to thank Peter Ukhanov from Google/Mandiant for reporting this issue."
        }
      ],
      "datePublic": "2026-02-17T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible."
            }
          ],
          "value": "Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798: Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T19:19:34.178Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2026-22769",
    "datePublished": "2026-02-17T19:19:34.178Z",
    "dateReserved": "2026-01-09T18:05:08.764Z",
    "dateUpdated": "2026-02-26T14:44:19.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22900 (GCVE-0-2026-22900)

Vulnerability from cvelistv5 – Published: 2026-03-20 16:21 – Updated: 2026-03-25 14:04
VLAI
Title
QuNetSwitch
Summary
A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QuNetSwitch Affected: 2.0.x , < 2.0.5.0906 (custom)
Create a notification for this product.
Credits
產品安全漏洞獵捕計劃 - YingMuo
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22900",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T14:04:33.527344Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:04:41.325Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QuNetSwitch",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "2.0.5.0906",
              "status": "affected",
              "version": "2.0.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "\u7522\u54c1\u5b89\u5168\u6f0f\u6d1e\u7375\u6355\u8a08\u5283 - YingMuo"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQuNetSwitch 2.0.5.0906 and later\u003cbr\u003e"
            }
          ],
          "value": "A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access.\n\nWe have already fixed the vulnerability in the following version:\nQuNetSwitch 2.0.5.0906 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T16:21:25.342Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-26-11"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQuNetSwitch 2.0.5.0906 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following version:\nQuNetSwitch 2.0.5.0906 and later"
        }
      ],
      "source": {
        "advisory": "QSA-26-11",
        "discovery": "EXTERNAL"
      },
      "title": "QuNetSwitch",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2026-22900",
    "datePublished": "2026-03-20T16:21:25.342Z",
    "dateReserved": "2026-01-13T07:49:08.784Z",
    "dateUpdated": "2026-03-25T14:04:41.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22911 (GCVE-0-2026-22911)

Vulnerability from cvelistv5 – Published: 2026-01-15 13:02 – Updated: 2026-01-15 14:39
VLAI
Summary
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
URL Tags
https://sick.com/psirt x_SICK PSIRT Security Advisories
https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
https://www.sick.com/.well-known/csaf/white/2026/… x_The canonical URL.
https://www.sick.com/.well-known/csaf/white/2026/… vendor-advisory
Impacted products
Vendor Product Version
SICK AG TDC-X401GL Affected: all versions (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22911",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T14:38:46.463929Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T14:39:02.055Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "TDC-X401GL",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all versions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eFirmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.\u003c/p\u003e"
            }
          ],
          "value": "Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T13:02:29.453Z",
        "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "shortName": "SICK AG"
      },
      "references": [
        {
          "tags": [
            "x_SICK PSIRT Security Advisories"
          ],
          "url": "https://sick.com/psirt"
        },
        {
          "tags": [
            "x_SICK Operating Guidelines"
          ],
          "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
        },
        {
          "tags": [
            "x_ICS-CERT recommended practices on Industrial Security"
          ],
          "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
        },
        {
          "tags": [
            "x_CVSS v3.1 Calculator"
          ],
          "url": "https://www.first.org/cvss/calculator/3.1"
        },
        {
          "tags": [
            "x_The canonical URL."
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf"
        }
      ],
      "source": {
        "advisory": "SCA-2026-0001",
        "discovery": "INTERNAL"
      },
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.\u003c/p\u003e"
            }
          ],
          "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices."
        }
      ],
      "x_generator": {
        "engine": "csaf2cve 0.2.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
    "assignerShortName": "SICK AG",
    "cveId": "CVE-2026-22911",
    "datePublished": "2026-01-15T13:02:29.453Z",
    "dateReserved": "2026-01-13T09:11:11.448Z",
    "dateUpdated": "2026-01-15T14:39:02.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-23647 (GCVE-0-2026-23647)

Vulnerability from cvelistv5 – Published: 2026-02-17 16:30 – Updated: 2026-02-18 15:33
VLAI
Title
Glory RBG-100 Recycler System Hard-coded OS Credentials
Summary
Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded passwords. An attacker with network access to exposed services such as SSH may authenticate using these credentials and gain unauthorized access to the system. Successful exploitation allows remote access with elevated privileges and may result in full system compromise.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Credits
Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp. Omar Crespo, Pentester, GM Sectec, Corp. VulnCheck
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23647",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T18:36:15.592267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-17T18:36:28.805Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RBG-100",
          "vendor": "Glory Global Solutions",
          "versions": [
            {
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp."
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Omar Crespo, Pentester, GM Sectec, Corp."
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulnCheck"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded passwords. An attacker with network access to exposed services such as SSH may authenticate using these credentials and gain unauthorized access to the system. Successful exploitation allows remote access with elevated privileges and may result in full system compromise."
            }
          ],
          "value": "Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded passwords. An attacker with network access to exposed services such as SSH may authenticate using these credentials and gain unauthorized access to the system. Successful exploitation allows remote access with elevated privileges and may result in full system compromise."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-18T15:33:38.469Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://www.glory-global.com/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/glory-rbg-100-recycler-system-hard-coded-os-credentials"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Glory RBG-100 Recycler System Hard-coded OS Credentials",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-23647",
    "datePublished": "2026-02-17T16:30:06.514Z",
    "dateReserved": "2026-01-14T16:55:09.103Z",
    "dateUpdated": "2026-02-18T15:33:38.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24346 (GCVE-0-2026-24346)

Vulnerability from cvelistv5 – Published: 2026-01-27 09:18 – Updated: 2026-01-27 15:21
VLAI
Title
Use of well-known default credentials in EZCast Pro II Dongle
Summary
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
EZCast EZCast Pro II Affected: 1.17478.146
Create a notification for this product.
Credits
Swiss National Test Institute for Cybersecurity NTC Redguard AG Swiss National Cybersecurity Centre
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24346",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-27T15:14:28.146647Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-27T15:21:10.523Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "EZCast Pro II",
          "vendor": "EZCast",
          "versions": [
            {
              "status": "affected",
              "version": "1.17478.146"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Swiss National Test Institute for Cybersecurity NTC"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Redguard AG"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Swiss National Cybersecurity Centre"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application"
            }
          ],
          "value": "Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-27T09:18:57.833Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "url": "https://hub.ntc.swiss/ntcf-2025-13993"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Use of well-known default credentials in EZCast Pro II Dongle",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "All users are encouraged to change the admin password upon first use."
            }
          ],
          "value": "All users are encouraged to change the admin password upon first use."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2026-24346",
    "datePublished": "2026-01-27T09:18:57.833Z",
    "dateReserved": "2026-01-22T12:55:22.578Z",
    "dateUpdated": "2026-01-27T15:21:10.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24444 (GCVE-0-2026-24444)

Vulnerability from cvelistv5 – Published: 2026-05-28 15:32 – Updated: 2026-05-28 17:29
VLAI
Title
SDMC NE6037 Hardcoded Password via mgmt.php/npcmd.php
Summary
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the recovery endpoint via HTTP. Attackers can leverage this hardcoded password to enable filtered SSH and Telnet services on the device, resulting in unauthenticated root-level remote access to the underlying system.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
SDMC Technology Co., Ltd NE6037 Affected: 7.1.6.0.25 (custom)
Affected: 7.1.6.1.9_B9 (custom)
Create a notification for this product.
Date Public
2026-05-28 00:00
Credits
Ivan Racic VulnCheck
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24444",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T17:29:15.709155Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T17:29:24.215Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "NE6037",
          "vendor": "SDMC Technology Co., Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.6.0.25",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.1.6.1.9_B9",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ivan Racic"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulnCheck"
        }
      ],
      "datePublic": "2026-05-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the recovery endpoint via HTTP. Attackers can leverage this hardcoded password to enable filtered SSH and Telnet services on the device, resulting in unauthenticated root-level remote access to the underlying system."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-28T15:32:14.333Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://www.kr3bz.wtf/posts/sdmc-ne6037-router-recovery-backdoor/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://en.sdmctech.com/product/DOCSIS_234.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SDMC NE6037 Hardcoded Password via mgmt.php/npcmd.php",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-24444",
    "datePublished": "2026-05-28T15:32:14.333Z",
    "dateReserved": "2026-01-22T20:23:19.804Z",
    "dateUpdated": "2026-05-28T17:29:24.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation

Phase: Architecture and Design

Description:

  • For outbound authentication: store passwords, keys, and other credentials outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible [REF-7].
  • In Windows environments, the Encrypted File System (EFS) may provide some protection.
Mitigation

Phase: Architecture and Design

Description:

  • For inbound authentication: Rather than hard-code a default username and password, key, or other authentication credentials for first time logins, utilize a "first login" mode that requires the user to enter a unique strong password or key.
Mitigation

Phase: Architecture and Design

Description:

  • If the product must contain hard-coded credentials or they cannot be removed, perform access control checks and limit which entities can access the feature that requires the hard-coded credentials. For example, a feature might only be enabled through the system console instead of through a network connection.
Mitigation

Phase: Architecture and Design

Description:

  • For inbound authentication using passwords: apply strong one-way hashes to passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When handling an incoming password during authentication, take the hash of the password and compare it to the saved hash.
  • Use randomly assigned salts for each separate hash that is generated. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method.
Mitigation

Phase: Architecture and Design

Description:

  • For front-end to back-end connections: Three solutions are possible, although none are complete.
  • The first suggestion involves the use of generated passwords or keys that are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.
  • Next, the passwords or keys should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.
  • Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay-style attacks.
CAPEC-191: Read Sensitive Constants Within an Executable

An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable. These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis.

CAPEC-70: Try Common or Default Usernames and Passwords

An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. "secret" or "password") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.

Back to CWE stats page