Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2017-05-06 CVE-2017-7927 Use of Hard-coded Credentials vulnerability in Dahuasecurity products
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices.
network
low complexity
dahuasecurity CWE-798
7.3
2017-04-26 CVE-2017-6054 Use of Hard-coded Credentials vulnerability in Hyundaiusa Blue Link 3.9.4/3.9.5
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4.
network
low complexity
hyundaiusa CWE-798
7.5
2017-04-25 CVE-2017-8224 Use of Hard-coded Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware
Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.
network
low complexity
wificam CWE-798
critical
9.8
2017-04-24 CVE-2015-7246 Use of Hard-coded Credentials vulnerability in D-Link Dvg-N5402Sp Firmware W1000Cn00/W1000Cn03/W2000En00
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
network
low complexity
d-link CWE-798
critical
9.8
2017-04-23 CVE-2017-8077 Use of Hard-coded Credentials vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt).
network
low complexity
tp-link CWE-798
7.5
2017-04-21 CVE-2016-1560 Use of Hard-coded Credentials vulnerability in Exagrid products
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.
network
low complexity
exagrid CWE-798
critical
9.8
2017-04-11 CVE-2017-7462 Use of Hard-coded Credentials vulnerability in Intellinet-Network Nfc-30Ir Firmware Lm.1.6.16.05
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.
network
low complexity
intellinet-network CWE-798
critical
9.8
2017-04-10 CVE-2017-7648 Use of Hard-coded Credentials vulnerability in Foscam products
Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
network
high complexity
foscam CWE-798
8.1
2017-04-10 CVE-2015-2887 Use of Hard-coded Credentials vulnerability in Ibaby M3S Baby Monitor Firmware
iBaby M3S has a password of admin for the backdoor admin account.
network
low complexity
ibaby CWE-798
critical
9.8
2017-04-10 CVE-2015-2885 Use of Hard-coded Credentials vulnerability in Lens Laboratories Peek-A-View Firmware
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.
network
low complexity
lens-laboratories CWE-798
critical
9.8