Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-03 | CVE-2017-14115 | Use of Hard-coded Credentials vulnerability in ATT U-Verse Firmware 9.2.2H0D83 The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. | 8.1 |
| 2017-08-28 | CVE-2014-8426 | Use of Hard-coded Credentials vulnerability in Barracuda Load Balancer 5.0.0.015 Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | 9.8 |
| 2017-08-25 | CVE-2017-12709 | Use of Hard-coded Credentials vulnerability in Westermo products A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. | 5.3 |
| 2017-08-25 | CVE-2016-5816 | Use of Hard-coded Credentials vulnerability in Westermo products A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. | 7.5 |
| 2017-08-05 | CVE-2017-9852 | Use of Hard-coded Credentials vulnerability in SMA products An Incorrect Password Management issue was discovered in SMA Solar Technology products. | 9.8 |
| 2017-08-04 | CVE-2017-10818 | Use of Hard-coded Credentials vulnerability in Intercom Malion 5.2.1 MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service. | 9.8 |
| 2017-08-02 | CVE-2017-2283 | Use of Hard-coded Credentials vulnerability in Iodata Wn-G300R3 Firmware WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | 8.0 |
| 2017-08-02 | CVE-2017-2280 | Use of Hard-coded Credentials vulnerability in Iodata Wn-Ax1167Gr Firmware 3.00 WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | 8.8 |
| 2017-08-01 | CVE-2017-11380 | Use of Hard-coded Credentials vulnerability in Trendmicro Deep Discovery Director 1.1 Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | 9.8 |
| 2017-08-01 | CVE-2017-11129 | Use of Hard-coded Credentials vulnerability in Stashcat Heinekingmedia 1.7.5 An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. | 9.8 |