CVE-2024-38480

MEDIUM Year: 2024
CVSS v3 Score
4.0
Medium
Weakness Type
CWE-798
View all →

Vulnerability Description

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.

Related Vulnerabilities

CVE-2020-4190

MEDIUM
CVSS:4.1(Medium)

IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to externa...

CWE-7982020

CVE-2024-29963

LOW
CVSS:3.8(Low)

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.

CWE-7982024

CVE-2019-17659

LOW
CVSS:3.7(Low)

A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by...

CWE-7982019

CVE-2021-42892

MEDIUM
CVSS:4.3(Medium)

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.

CWE-7982021

CVE-2023-29064

MEDIUM
CVSS:4.3(Medium)

The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative a...

CWE-7982023

CVE-2023-45194

MEDIUM
CVSS:4.3(Medium)

Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated a...

CWE-7982023