Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-16 | CVE-2017-12350 | Use of Hard-coded Credentials vulnerability in Cisco Umbrella Insights Virtual Appliance A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. | 8.2 |
| 2017-11-01 | CVE-2017-14027 | Use of Hard-coded Credentials vulnerability in Korenix products A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. | 9.8 |
| 2017-11-01 | CVE-2017-14021 | Use of Hard-coded Credentials vulnerability in Korenix products A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. | 9.8 |
| 2017-11-01 | CVE-2017-14376 | Use of Hard-coded Credentials vulnerability in EMC Appsync EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. | 7.8 |
| 2017-10-27 | CVE-2017-15582 | Use of Hard-coded Credentials vulnerability in Writediary Diary With Lock 4.72 In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries. | 7.5 |
| 2017-10-26 | CVE-2017-15909 | Use of Hard-coded Credentials vulnerability in Dlink Dgs-1500 Firmware 2.10.002/2.50.008/2.51.005 D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. | 9.8 |
| 2017-10-22 | CVE-2017-12317 | Use of Hard-coded Credentials vulnerability in Cisco Advanced Malware Protection The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. | 6.7 |
| 2017-10-10 | CVE-2017-12860 | Use of Hard-coded Credentials vulnerability in Epson Easymp 2.86 The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector has a hardcoded "backdoor" code (2270), which authenticates to all devices. | 9.8 |
| 2017-09-29 | CVE-2017-12239 | Use of Hard-coded Credentials vulnerability in Cisco IOS XE A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. | 6.8 |
| 2017-09-26 | CVE-2017-9957 | Use of Hard-coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1 A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. | 9.8 |