Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-2343 Use of Hard-coded Credentials vulnerability in Juniper Junos 12.3X48/15.1X49
The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices.
network
low complexity
juniper CWE-798
critical
9.8
2017-07-09 CVE-2017-4976 Use of Hard-coded Credentials vulnerability in EMC Esrs Policy Manager 6.7
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password.
network
low complexity
emc CWE-798
critical
9.8
2017-07-07 CVE-2017-2236 Use of Hard-coded Credentials vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.
network
low complexity
toshiba CWE-798
critical
9.8
2017-06-30 CVE-2017-6022 Use of Hard-coded Credentials vulnerability in BD KLA Journal Service and Performa
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions.
network
low complexity
bd CWE-798
critical
9.8
2017-06-30 CVE-2016-9358 Use of Hard-coded Credentials vulnerability in Marel products
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system.
network
low complexity
marel CWE-798
critical
9.8
2017-06-21 CVE-2016-8731 Use of Hard-coded Credentials vulnerability in Foscam C1 Webcam Firmware 1.9.1.12
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12.
network
low complexity
foscam CWE-798
critical
9.8
2017-06-06 CVE-2016-0726 Use of Hard-coded Credentials vulnerability in Nagios
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
network
low complexity
nagios CWE-798
critical
9.8
2017-06-02 CVE-2017-6039 Use of Hard-coded Credentials vulnerability in Phoenixbroadband Poweragent SC3 BMS Firmware 6.86
A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87.
network
low complexity
phoenixbroadband CWE-798
5.3
2017-05-23 CVE-2017-6131 Use of Hard-coded Credentials vulnerability in F5 products
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system.
network
low complexity
f5 CWE-798
critical
9.8
2017-05-21 CVE-2017-9132 Use of Hard-coded Credentials vulnerability in Mimosa Backhaul Radios and Client Radios
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3.
network
low complexity
mimosa CWE-798
7.5