How severe is CVE-2023-51629?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2023-51629?

This is classified as CWE-259, which is a common weakness in software security.

CVE-2023-51629 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the ONVIF API. The issue results from the use of a hardcoded PIN. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21492.

Related Vulnerabilities

CVE-2021-27254

MEDIUM

CVSS:6.3(Medium)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific fla...

CWE-2592021

CVE-2022-26388

MEDIUM

CVSS:6.4(Medium)

A use of hard-coded password vulnerability may allow authentication abuse.This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardi...

CWE-2592022

CVE-2020-12012

MEDIUM

CVSS:6.1(Medium)

Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and...

CWE-2592020

CVE-2024-27774

MEDIUM

CVSS:6.5(Medium)

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware

CWE-2592024

CVE-2024-46959

MEDIUM

CVSS:6.5(Medium)

runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audio...

CWE-2592024

CVE-2025-28031

MEDIUM

CVSS:6.5(Medium)

TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini.

CWE-2592025