Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-19 | CVE-2017-14143 | Use of Hard-coded Credentials vulnerability in Kaltura Server The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie. | 9.8 |
| 2017-09-13 | CVE-2017-14428 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware D-Link DIR-850L REV. | 7.8 |
| 2017-09-13 | CVE-2017-14426 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware D-Link DIR-850L REV. | 7.8 |
| 2017-09-13 | CVE-2017-14422 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware D-Link DIR-850L REV. | 7.5 |
| 2017-09-13 | CVE-2017-14421 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware D-Link DIR-850L REV. | 9.8 |
| 2017-09-13 | CVE-2017-11351 | Use of Hard-coded Credentials vulnerability in Axesstel Mu553S Firmware Mu553Sv1.14 Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account. | 9.8 |
| 2017-09-03 | CVE-2017-14116 | Use of Hard-coded Credentials vulnerability in ATT U-Verse Firmware 9.2.2H0D83 The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support. | 8.1 |
| 2017-09-03 | CVE-2017-14115 | Use of Hard-coded Credentials vulnerability in ATT U-Verse Firmware 9.2.2H0D83 The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. | 8.1 |
| 2017-08-28 | CVE-2014-8426 | Use of Hard-coded Credentials vulnerability in Barracuda Load Balancer 5.0.0.015 Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | 9.8 |
| 2017-08-25 | CVE-2017-12709 | Use of Hard-coded Credentials vulnerability in Westermo products A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. | 5.3 |