Vulnerabilities > Use of Hard-coded Credentials

DATE | CVE | VULNERABILITY TITLE | RISK

2017-09-20 | CVE-2017-9649 | Use of Hard-coded Credentials vulnerability in Mirion Technologies products | 5.0
A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices).
high complexity | mirion-technologies | CWE-798

2017-09-20 | CVE-2017-8772 | Use of Hard-coded Credentials vulnerability in Twsz Wifi Repeater Firmware | critical 9.8
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1.
network | low complexity | twsz | CWE-798

2017-09-20 | CVE-2017-8771 | Use of Hard-coded Credentials vulnerability in Twsz Wifi Repeater Firmware | critical 9.8
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root").
network | low complexity | twsz | CWE-798

2017-09-19 | CVE-2017-14143 | Use of Hard-coded Credentials vulnerability in Kaltura Server | critical 9.8
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
network | low complexity | kaltura | CWE-798

2017-09-13 | CVE-2017-14428 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware | 7.8
D-Link DIR-850L REV.
local | low complexity | dlink | CWE-798

2017-09-13 | CVE-2017-14426 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware | 7.8
D-Link DIR-850L REV.
local | low complexity | dlink | CWE-798

2017-09-13 | CVE-2017-14422 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware | 7.5
D-Link DIR-850L REV.
network | low complexity | dlink | CWE-798

2017-09-13 | CVE-2017-14421 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware | critical 9.8
D-Link DIR-850L REV.
network | low complexity | dlink | CWE-798

2017-09-13 | CVE-2017-11351 | Use of Hard-coded Credentials vulnerability in Axesstel Mu553S Firmware Mu553Sv1.14 | critical 9.8
Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.
network | low complexity | axesstel | CWE-798

2017-09-03 | CVE-2017-14116 | Use of Hard-coded Credentials vulnerability in ATT U-Verse Firmware 9.2.2H0D83 | 8.1
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support.
network | high complexity | att | CWE-798