Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-10 | CVE-2015-2882 | Use of Hard-coded Credentials vulnerability in Philips In.Sight B12037 Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. | 9.8 |
| 2017-04-10 | CVE-2015-2881 | Use of Hard-coded Credentials vulnerability in Gynoii Gcw-1010, Gcw-1020 and Gpw-1025 Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. | 9.8 |
| 2017-04-06 | CVE-2017-7576 | Use of Hard-coded Credentials vulnerability in Dragonwavex Horizon Wireless Radio Firmware 1.01.03 DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. | 9.8 |
| 2017-04-06 | CVE-2017-7574 | Use of Hard-coded Credentials vulnerability in Schneider-Electric Modicon Tm221Ce16R Firmware and Somachine Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. | 9.8 |
| 2017-04-02 | CVE-2016-8754 | Use of Hard-coded Credentials vulnerability in Huawei Oceanstor 5600 V3 Firmware V300R003C00 Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. | 7.5 |
| 2017-03-30 | CVE-2016-10308 | Use of Hard-coded Credentials vulnerability in Siklu Etherhaul Firmware 3.7.0/6.0 Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. | 9.8 |
| 2017-03-30 | CVE-2016-10307 | Use of Hard-coded Credentials vulnerability in Gotrango products Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). | 9.8 |
| 2017-03-30 | CVE-2016-10306 | Use of Hard-coded Credentials vulnerability in Trango A600 Firmware Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. | 9.8 |
| 2017-03-30 | CVE-2016-10305 | Use of Hard-coded Credentials vulnerability in Gotrango products Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. | 9.8 |
| 2017-03-09 | CVE-2017-6558 | Use of Hard-coded Credentials vulnerability in Iball Ib-Wra150N Firmware 1.2.6 iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. | 9.8 |