Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-26 | CVE-2017-9956 | Use of Hard-coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1 An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. | 7.3 |
| 2017-09-25 | CVE-2015-4667 | Use of Hard-coded Credentials vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0 Multiple hardcoded credentials in Xsuite 2.x. | 9.8 |
| 2017-09-21 | CVE-2017-12928 | Use of Hard-coded Credentials vulnerability in Tecnovision DLX Spot Player4 A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials. | 9.8 |
| 2017-09-20 | CVE-2017-9649 | Use of Hard-coded Credentials vulnerability in Mirion Technologies products A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). | 5.0 |
| 2017-09-20 | CVE-2017-8772 | Use of Hard-coded Credentials vulnerability in Twsz Wifi Repeater Firmware On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. | 9.8 |
| 2017-09-20 | CVE-2017-8771 | Use of Hard-coded Credentials vulnerability in Twsz Wifi Repeater Firmware On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). | 9.8 |
| 2017-09-19 | CVE-2017-14143 | Use of Hard-coded Credentials vulnerability in Kaltura Server The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie. | 9.8 |
| 2017-09-13 | CVE-2017-14428 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware D-Link DIR-850L REV. | 7.8 |
| 2017-09-13 | CVE-2017-14426 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware D-Link DIR-850L REV. | 7.8 |
| 2017-09-13 | CVE-2017-14422 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware D-Link DIR-850L REV. | 7.5 |