CWE-798

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command.

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service.

Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it.

Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters

Mutiny 7.2.0-10788 suffers from Hardcoded root password.

In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample.