Vulnerabilities > Use of Hard-coded Credentials

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-09-19 | CVE-2017-14143 | Use of Hard-coded Credentials vulnerability in Kaltura Server | The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie. | network | low | kaltura | CWE-798 | critical 9.8 |
| 2017-09-13 | CVE-2017-14428 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware | D-Link DIR-850L REV. | local | low | dlink | CWE-798 | 7.8 |
| 2017-09-13 | CVE-2017-14426 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware | D-Link DIR-850L REV. | local | low | dlink | CWE-798 | 7.8 |
| 2017-09-13 | CVE-2017-14422 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware | D-Link DIR-850L REV. | network | low | dlink | CWE-798 | 7.5 |
| 2017-09-13 | CVE-2017-14421 | Use of Hard-coded Credentials vulnerability in Dlink Dir-850L Firmware | D-Link DIR-850L REV. | network | low | dlink | CWE-798 | critical 9.8 |
| 2017-09-13 | CVE-2017-11351 | Use of Hard-coded Credentials vulnerability in Axesstel Mu553S Firmware Mu553Sv1.14 | Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account. | network | low | axesstel | CWE-798 | critical 9.8 |
| 2017-09-03 | CVE-2017-14116 | Use of Hard-coded Credentials vulnerability in ATT U-Verse Firmware 9.2.2H0D83 | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support. | network | high | att | CWE-798 | 8.1 |
| 2017-09-03 | CVE-2017-14115 | Use of Hard-coded Credentials vulnerability in ATT U-Verse Firmware 9.2.2H0D83 | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. | network | high | att | CWE-798 | 8.1 |
| 2017-08-28 | CVE-2014-8426 | Use of Hard-coded Credentials vulnerability in Barracuda Load Balancer 5.0.0.015 | Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | network | low | barracuda | CWE-798 | critical 9.8 |
| 2017-08-25 | CVE-2017-12709 | Use of Hard-coded Credentials vulnerability in Westermo products | A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. | local | low | westermo | CWE-798 | 5.3 |